WEBVTT X-TIMESTAMP-MAP=LOCAL:00:00:00.000,MPEGTS:900000 00:00:00.000 --> 00:00:02.952 [MUSIC PLAYING] 00:00:18.210 --> 00:00:21.390 DAVID MALAN: This is CS50's introduction to cybersecurity. 00:00:21.390 --> 00:00:22.470 My name is David Malan. 00:00:22.470 --> 00:00:25.140 And this week, let's focus on securing accounts. 00:00:25.140 --> 00:00:27.180 You and I have so many accounts nowadays, 00:00:27.180 --> 00:00:29.430 be it for websites or apps or the like. 00:00:29.430 --> 00:00:32.130 And we'll focus today on exactly what the threats are 00:00:32.130 --> 00:00:35.340 to all of those accounts but more importantly, what some of the defenses 00:00:35.340 --> 00:00:37.590 are so that you can keep those accounts secure. 00:00:37.590 --> 00:00:40.810 But let's first consider what we mean by security in the physical world, 00:00:40.810 --> 00:00:41.470 for instance. 00:00:41.470 --> 00:00:44.760 Whether you live in a home, an apartment, a dormitory or the like, 00:00:44.760 --> 00:00:47.940 odds are you have a key that lets you into that building. 00:00:47.940 --> 00:00:51.420 Now, that key, of course, lets you in through that locked door, 00:00:51.420 --> 00:00:54.930 and then you have access to the entire habitat. 00:00:54.930 --> 00:00:57.930 But the catch is that if someone else gets that key, of course, 00:00:57.930 --> 00:01:03.007 they, too, can let themselves into that system or into that same building. 00:01:03.007 --> 00:01:05.340 So let's consider now in the digital world, though, what 00:01:05.340 --> 00:01:07.848 some of the building blocks are of security so 00:01:07.848 --> 00:01:10.890 that we can focus exactly what those threats and what those defenses are. 00:01:10.890 --> 00:01:13.230 So first, allow me to propose that we think 00:01:13.230 --> 00:01:16.470 about the security of our accounts in terms of authentication. 00:01:16.470 --> 00:01:19.270 So authentication refers to this process, 00:01:19.270 --> 00:01:24.160 digitally, of proving who you are, that I, for instance, am David. 00:01:24.160 --> 00:01:27.100 But that alone isn't necessarily enough to keep 00:01:27.100 --> 00:01:30.760 a system secure because just because I'm David doesn't necessarily mean 00:01:30.760 --> 00:01:33.370 I should have access to your entire home. 00:01:33.370 --> 00:01:35.408 Perhaps I should not have access at all. 00:01:35.408 --> 00:01:37.450 Perhaps I should just have access to the entryway 00:01:37.450 --> 00:01:40.070 or some narrower form of access. 00:01:40.070 --> 00:01:41.830 And so there's this related topic when it 00:01:41.830 --> 00:01:46.120 comes to the security of locations or systems known as authorization. 00:01:46.120 --> 00:01:49.300 So authorization speaks to whether or not 00:01:49.300 --> 00:01:54.260 you should have access to something, once you have proven that you are, 00:01:54.260 --> 00:01:58.060 that I am David and that I should, in fact, have access to the door 00:01:58.060 --> 00:01:59.530 that I just walked through. 00:01:59.530 --> 00:02:03.340 Now, when it comes to our accounts in the digital world, 00:02:03.340 --> 00:02:06.970 we, of course, don't use physical keys, but very frequently nowadays we 00:02:06.970 --> 00:02:09.340 use usernames, which, of course, can be public. 00:02:09.340 --> 00:02:11.560 It might be a username like David. 00:02:11.560 --> 00:02:13.090 It might be a username like Malan. 00:02:13.090 --> 00:02:17.680 Or it might be more commonly, even an entire email address that presumably 00:02:17.680 --> 00:02:19.910 uniquely identifies you in the world. 00:02:19.910 --> 00:02:23.920 But even though that's public, the thing that you and I ideally keep private 00:02:23.920 --> 00:02:25.450 is, of course, our password. 00:02:25.450 --> 00:02:28.720 And nowadays, you and I must have dozens, maybe even 00:02:28.720 --> 00:02:32.530 hundreds of passwords that are hopefully distinct 00:02:32.530 --> 00:02:34.780 and not reused across all of those different websites, 00:02:34.780 --> 00:02:36.080 but more on that in a moment. 00:02:36.080 --> 00:02:38.830 And so it's really this password that ultimately 00:02:38.830 --> 00:02:41.920 allows you to authenticate yourself, demonstrate 00:02:41.920 --> 00:02:46.130 who you are because presumably I am the only one in the world that knows, 00:02:46.130 --> 00:02:49.468 not only my username or email address, which all of us can know, 00:02:49.468 --> 00:02:51.760 but presumably I'm the only one in the world that knows 00:02:51.760 --> 00:02:54.670 my username and this here password. 00:02:54.670 --> 00:02:57.400 And so the presumption is if I type in both of those values 00:02:57.400 --> 00:03:02.800 to some app or some website that I must, in fact, be David Malan, in that case. 00:03:02.800 --> 00:03:06.580 Of course, it's not good enough to just have a password. 00:03:06.580 --> 00:03:08.027 You need to have a good password. 00:03:08.027 --> 00:03:09.610 Now, what do we mean by good password? 00:03:09.610 --> 00:03:12.850 Well, ideally, this password is not going to be in a dictionary, 00:03:12.850 --> 00:03:15.310 like, literally a dictionary of English words 00:03:15.310 --> 00:03:17.450 or whatever your human language might be. 00:03:17.450 --> 00:03:17.950 Why? 00:03:17.950 --> 00:03:20.810 Well, there's this threat known as a dictionary attack. 00:03:20.810 --> 00:03:23.590 And by this I mean an adversary, a hacker that 00:03:23.590 --> 00:03:25.840 wants to get into your account, they could just 00:03:25.840 --> 00:03:28.570 start typing randomly to try to figure out what your password is. 00:03:28.570 --> 00:03:29.860 But they're a little smarter. 00:03:29.860 --> 00:03:32.170 They'll actually use a dictionary attack. 00:03:32.170 --> 00:03:34.720 That is they'll open a physical book of words, 00:03:34.720 --> 00:03:38.290 or more likely they'll open a file on their computer containing 00:03:38.290 --> 00:03:42.580 a whole lot of actual English words or in some other human language, and then 00:03:42.580 --> 00:03:45.100 just one at a time, try this word as your password, 00:03:45.100 --> 00:03:48.160 this word as your password, this word as your password and so forth. 00:03:48.160 --> 00:03:52.030 Because if you and I have chosen a pretty guessable password, one 00:03:52.030 --> 00:03:55.330 that is an actual word in a dictionary, they're going to get into your account 00:03:55.330 --> 00:03:56.710 much faster. 00:03:56.710 --> 00:03:58.510 But even if you and I are clever-- 00:03:58.510 --> 00:04:01.750 and odds are by this point in life you know that you shouldn't just 00:04:01.750 --> 00:04:04.510 choose a simple English or some other language word, 00:04:04.510 --> 00:04:07.630 but rather you should probably have some numbers, some letters, 00:04:07.630 --> 00:04:10.240 some punctuation, or the like-- you're still vulnerable, 00:04:10.240 --> 00:04:14.260 as am I, to what we would call a brute force attack. 00:04:14.260 --> 00:04:19.660 Brute force sort of evokes the memories of yesteryear 00:04:19.660 --> 00:04:22.600 where someone might have had a big branch of a tree using 00:04:22.600 --> 00:04:25.930 as a battering ram trying to get into the castles from past times. 00:04:25.930 --> 00:04:28.000 But brute force attacks in the digital world 00:04:28.000 --> 00:04:32.830 mean something analogously, whereby you're using software to digitally try 00:04:32.830 --> 00:04:34.840 all possible passwords. 00:04:34.840 --> 00:04:38.710 And so here, too, are you vulnerable because if your password is too short, 00:04:38.710 --> 00:04:41.740 even if it's random with letters, numbers, and symbols, 00:04:41.740 --> 00:04:44.530 odds are an adversary or a hacker that has enough time 00:04:44.530 --> 00:04:46.720 and enough technical savvy, they can just try 00:04:46.720 --> 00:04:49.390 every possible password in the world. 00:04:49.390 --> 00:04:52.400 And eventually, they might very well get into your system. 00:04:52.400 --> 00:04:56.622 So how do we go about defending against these kinds of attacks? 00:04:56.622 --> 00:04:59.080 Well, we use these passwords, but these passwords of course 00:04:59.080 --> 00:05:00.080 come in different forms. 00:05:00.080 --> 00:05:04.780 And it's kind of a low bar that is set by default on a lot of devices 00:05:04.780 --> 00:05:05.530 still nowadays. 00:05:05.530 --> 00:05:07.570 For instance, on your phone if you'd like 00:05:07.570 --> 00:05:13.060 to chime in here in the chat, how many characters or digits, in particular, 00:05:13.060 --> 00:05:14.875 are typically required of systems? 00:05:14.875 --> 00:05:17.500 Well, I would conjecture that very often when I set up a phone, 00:05:17.500 --> 00:05:22.900 I'm only asked for a passcode, a numeric password, of four digits alone. 00:05:22.900 --> 00:05:29.890 Now, if you have a four-digit passcode or password more generally, how secure 00:05:29.890 --> 00:05:30.550 is that? 00:05:30.550 --> 00:05:34.780 And how do we even go about thinking about how secure that password is? 00:05:34.780 --> 00:05:38.230 Well, I would propose that we could start to measure not even using 00:05:38.230 --> 00:05:40.990 fancy math, but just some basic heuristics, we could measure 00:05:40.990 --> 00:05:45.370 the security of a password that has just four digits by considering well, 00:05:45.370 --> 00:05:48.430 how many possible four-digit passcodes are there? 00:05:48.430 --> 00:05:50.680 So perhaps if you'd like to chime in here in the chat, 00:05:50.680 --> 00:05:54.040 how many possible passwords are there if they're 00:05:54.040 --> 00:05:58.990 all digits 0 through 9, decimal digits, and if you only have four of them? 00:05:58.990 --> 00:06:00.860 How many possibilities are there? 00:06:00.860 --> 00:06:01.780 I'm seeing 1,000. 00:06:01.780 --> 00:06:02.800 I'm seeing 10,000. 00:06:02.800 --> 00:06:05.350 I'm seeing 9,999. 00:06:05.350 --> 00:06:06.633 And I'm seeing a whole range. 00:06:06.633 --> 00:06:08.800 And I think a lot of you have the answer is spot on. 00:06:08.800 --> 00:06:10.510 It's 10,000. 00:06:10.510 --> 00:06:11.330 It's 10,000. 00:06:11.330 --> 00:06:11.830 Why? 00:06:11.830 --> 00:06:13.870 Well if we just think about this numerically, 00:06:13.870 --> 00:06:17.110 if I've got four decimal digits, 0 through 9, well, 00:06:17.110 --> 00:06:21.130 the smallest password I could come up with, so to speak, would be 0000. 00:06:21.130 --> 00:06:25.480 And the largest password I could come up with would be 99999. 00:06:25.480 --> 00:06:29.800 Now, you might think OK, well, that's, obviously 9,999 possibilities. 00:06:29.800 --> 00:06:35.770 But not quite because if you include 0000, that's the 10,000th possibility. 00:06:35.770 --> 00:06:39.460 So indeed there's 10,000 possible passwords 00:06:39.460 --> 00:06:42.440 if we're using four digits specifically. 00:06:42.440 --> 00:06:44.890 So how do we actually think about that more generally, 00:06:44.890 --> 00:06:49.250 especially so that we can now figure out the math for larger passwords as well? 00:06:49.250 --> 00:06:52.510 Well, if you've got 0 through 9 as the first possible digit, 00:06:52.510 --> 00:06:54.640 and 0 through 9 as the next, and 0 through 9 00:06:54.640 --> 00:06:57.130 is the third, and 0 through 9 as the fourth, 00:06:57.130 --> 00:07:00.963 you have 10 possibilities times 10 possibilities times 10 times 10. 00:07:00.963 --> 00:07:03.130 This, of course, if we do it out more mathematically 00:07:03.130 --> 00:07:06.550 is 10 to the fourth power, the exponent being 4. 00:07:06.550 --> 00:07:09.080 And that, of course, gives us 10,000 as well. 00:07:09.080 --> 00:07:11.890 So that might be the more mathematical way of approaching it, 00:07:11.890 --> 00:07:17.170 versus just the more intuitive, that 0000 can go all the way up to 9999. 00:07:17.170 --> 00:07:19.960 Now, again, a question for the group, how long 00:07:19.960 --> 00:07:24.130 do you think it might take for an adversary or a hacker 00:07:24.130 --> 00:07:28.540 to get into my device, for instance, my phone, if I do 00:07:28.540 --> 00:07:31.600 have a four-digit password? 00:07:31.600 --> 00:07:35.020 If I've got a four-digit password, this means there might have to try as many 00:07:35.020 --> 00:07:40.510 as 10,000 possibilities because in the easiest case, sure, they get lucky, 00:07:40.510 --> 00:07:43.240 and my password is still the default 0000. 00:07:43.240 --> 00:07:46.810 But in the worst case, I chose 9999, and they don't get to that 00:07:46.810 --> 00:07:48.550 until the very end of their attempts. 00:07:48.550 --> 00:07:50.770 Or maybe I choose something there in between. 00:07:50.770 --> 00:07:54.760 I'm seeing 10 seconds, less than a second, milliseconds, 10 seconds a day, 00:07:54.760 --> 00:07:55.780 4 hours. 00:07:55.780 --> 00:07:58.370 So the responses are all over the place. 00:07:58.370 --> 00:08:02.090 So how can we go about actually measuring this or estimating this? 00:08:02.090 --> 00:08:03.220 Well, let me propose this. 00:08:03.220 --> 00:08:04.928 I'm going to go over to my computer here. 00:08:04.928 --> 00:08:07.870 And even if you've never written any code before, 00:08:07.870 --> 00:08:10.270 let's go ahead and write some code together here. 00:08:10.270 --> 00:08:13.900 I'm going to go ahead and open a program called VS Code, Visual Studio 00:08:13.900 --> 00:08:17.470 Code, which is a free program that we use in CS50 more generally 00:08:17.470 --> 00:08:20.890 that allows me to write code on my Mac or PC or really 00:08:20.890 --> 00:08:22.270 any internet-based device. 00:08:22.270 --> 00:08:25.490 And I can actually write code, and not only write it, but run it. 00:08:25.490 --> 00:08:28.480 And I'm going to write code, in this case, in a language called Python. 00:08:28.480 --> 00:08:30.310 And this is just a very popular language, 00:08:30.310 --> 00:08:34.330 but I could use any of a dozen or more different programming languages. 00:08:34.330 --> 00:08:36.340 And the goal here is not to learn Python-- 00:08:36.340 --> 00:08:38.350 for that, we have whole other classes-- 00:08:38.350 --> 00:08:42.309 but to just demonstrate what an adversary, what a hacker 00:08:42.309 --> 00:08:46.720 need to do if they want to get into, for instance, your iPhone or Android device 00:08:46.720 --> 00:08:50.200 or anything that has just a four-digit password. 00:08:50.200 --> 00:08:52.600 Now, my presumption here for demonstration sake 00:08:52.600 --> 00:08:55.390 is that I'm going to go ahead and write code that just prints 00:08:55.390 --> 00:08:57.680 all possible passwords on the screen. 00:08:57.680 --> 00:09:01.510 But you could imagine if I had a USB cable or maybe a lightning cable, 00:09:01.510 --> 00:09:04.270 I could connect this phone to this laptop, 00:09:04.270 --> 00:09:07.300 especially if it's your phone that I just swiped from a table, 00:09:07.300 --> 00:09:09.250 could quickly plug it into my computer here, 00:09:09.250 --> 00:09:12.790 run the code that I'm about to write, and maybe automatically send 00:09:12.790 --> 00:09:16.510 all 10,000 possibilities to your device before you even 00:09:16.510 --> 00:09:18.010 realize the phone is gone. 00:09:18.010 --> 00:09:19.730 Now, here's how I'm going to do this. 00:09:19.730 --> 00:09:23.080 I'm going to go ahead, and in a text file called crack.py, 00:09:23.080 --> 00:09:24.860 where crack is actually a term of art. 00:09:24.860 --> 00:09:27.550 It just means to figure out what a password is, 00:09:27.550 --> 00:09:29.080 to brute force your way in. 00:09:29.080 --> 00:09:33.220 I'm going to go ahead and from a library called string. 00:09:33.220 --> 00:09:35.740 I'm going to go ahead and import digits. 00:09:35.740 --> 00:09:38.740 Now, this is a very easy way of just giving me 00:09:38.740 --> 00:09:40.360 access to the numbers 0 through 9. 00:09:40.360 --> 00:09:42.745 I could obviously type them all out on my keyboard. 00:09:42.745 --> 00:09:44.620 This is a little faster because this gives me 00:09:44.620 --> 00:09:46.528 like a list of the numbers I care about. 00:09:46.528 --> 00:09:49.070 Now, there's a bunch of different ways I can write this code. 00:09:49.070 --> 00:09:51.160 But what I really want to do intuitively is 00:09:51.160 --> 00:09:53.770 try all possible digits for the first value, 00:09:53.770 --> 00:09:56.980 try all possible digits for the second, then for the third, 00:09:56.980 --> 00:09:58.030 then for the fourth. 00:09:58.030 --> 00:10:00.860 So one way of doing this might be as follows. 00:10:00.860 --> 00:10:04.000 I'm going to use a keyword in Python called for, which just means do 00:10:04.000 --> 00:10:06.130 something for as long as I want you to. 00:10:06.130 --> 00:10:08.770 And then I'm going to give myself a variable, like in math, 00:10:08.770 --> 00:10:11.590 just so I can use something to keep track of each number. 00:10:11.590 --> 00:10:14.530 And I'm going to use a default value of i for integer. 00:10:14.530 --> 00:10:19.340 And then I'm going to go ahead and say that for each value i in those 10 00:10:19.340 --> 00:10:22.130 digits, I want to go ahead and do the following. 00:10:22.130 --> 00:10:25.760 Well, for each of those i digits, for the first value, 00:10:25.760 --> 00:10:28.620 I want to do for j in digits as well. 00:10:28.620 --> 00:10:32.180 And then for each value for my third placeholder, 00:10:32.180 --> 00:10:35.450 I might do something like for k in digits. 00:10:35.450 --> 00:10:38.370 And then lastly, I might do for l in digits. 00:10:38.370 --> 00:10:40.252 So this is admittedly not the best design. 00:10:40.252 --> 00:10:41.960 And those of you who've programmed before 00:10:41.960 --> 00:10:45.812 are probably cringing that I have this indentation, indentation, indentation. 00:10:45.812 --> 00:10:48.770 But it's a simple way of demonstrating, especially for those unfamiliar 00:10:48.770 --> 00:10:51.680 with programming, how we can try all possible first digits, 00:10:51.680 --> 00:10:55.130 all possible second, all possible third, all possible fourth. 00:10:55.130 --> 00:10:59.390 And all I'm going to do, bury inside of this code now is print out the value 00:10:59.390 --> 00:11:06.890 of i, j, k, and l so that iteratively, we should see on the screen 0000 00:11:06.890 --> 00:11:09.560 and then all the way up to 9999. 00:11:09.560 --> 00:11:12.770 So if you assume that I've connected my phone to this laptop, 00:11:12.770 --> 00:11:17.160 ideally, then, we'll have an estimation of how long it might take until we 00:11:17.160 --> 00:11:20.440 actually have cracked into the device. 00:11:20.440 --> 00:11:22.060 So let's go ahead and do this. 00:11:22.060 --> 00:11:24.720 I'm going to open up a separate window on my screen here called 00:11:24.720 --> 00:11:25.960 a terminal window. 00:11:25.960 --> 00:11:29.740 And I'm going to go ahead and run Python of crack.py. 00:11:29.740 --> 00:11:31.500 So in just a moment we're going to see is 00:11:31.500 --> 00:11:36.270 it going to take a few minutes, a few milliseconds, a day, four hours, or-- 00:11:36.270 --> 00:11:37.320 here we go. 00:11:37.320 --> 00:11:42.330 1, 2, 3, go. 00:11:42.330 --> 00:11:46.990 So those of you who estimated just a few milliseconds were spot on. 00:11:46.990 --> 00:11:48.190 So what's the takeaway here? 00:11:48.190 --> 00:11:50.580 Well, apparently using a four-digit password 00:11:50.580 --> 00:11:54.060 is not very secure at all because look how quickly 00:11:54.060 --> 00:11:57.630 I, the adversary, the hacker in the story, was able to get into your phone. 00:11:57.630 --> 00:11:59.340 And in fact, I could probably unplug it at that point 00:11:59.340 --> 00:12:01.923 because I've gotten whatever data I care about off your phone. 00:12:01.923 --> 00:12:04.030 And you might not be none the wiser. 00:12:04.030 --> 00:12:07.270 So how can we go about improving upon this system? 00:12:07.270 --> 00:12:10.020 Well, let me propose that instead of using a four-digit passcode, 00:12:10.020 --> 00:12:11.638 let's use four letters instead. 00:12:11.638 --> 00:12:13.930 And we'll use English because that's what I speak well. 00:12:13.930 --> 00:12:17.610 And in English, we have 26 letters of the alphabet, A through Z. 00:12:17.610 --> 00:12:18.390 But you know what? 00:12:18.390 --> 00:12:23.100 That might give us initially 26 possibilities for the first position, 00:12:23.100 --> 00:12:26.820 times 26, times 26, times 26 for the second through fourth. 00:12:26.820 --> 00:12:30.880 But let me propose that we actually use lowercase and uppercase letters. 00:12:30.880 --> 00:12:35.680 So that gives me not 26, but 52 possibilities for each location. 00:12:35.680 --> 00:12:40.500 So if I do 52 possibilities, that's 52 to the fourth power. 00:12:40.500 --> 00:12:43.980 And does anyone want to estimate how many possible passwords there 00:12:43.980 --> 00:12:51.340 are if I'm using four English letters now, uppercase or lowercase? 00:12:51.340 --> 00:12:53.790 I'm seeing 26 to the fourth power. 00:12:53.790 --> 00:12:56.290 But that's not right if we're using uppercase and lowercase. 00:12:56.290 --> 00:12:58.270 It's indeed 52 to the fourth power. 00:12:58.270 --> 00:13:00.220 And I'm seeing "a lot." 00:13:00.220 --> 00:13:05.450 But here we have estimates along the lines of indeed 7 million as well. 00:13:05.450 --> 00:13:08.457 So with 7 million possibilities, you might think, OK, surely, 00:13:08.457 --> 00:13:09.790 that's going to be a lot better. 00:13:09.790 --> 00:13:12.873 And it's going to take the adversary a lot longer to hack into this phone. 00:13:12.873 --> 00:13:13.720 But let's try that. 00:13:13.720 --> 00:13:16.160 Let me go back to my terminal window here. 00:13:16.160 --> 00:13:20.380 Let me reopen now my code file, and let's go ahead and use not digits, 00:13:20.380 --> 00:13:22.960 but let's go ahead and use ASCII letters. 00:13:22.960 --> 00:13:27.370 For those unfamiliar, ASCII letters are simply the letters A 00:13:27.370 --> 00:13:30.800 through Z in both uppercase and lowercase. 00:13:30.800 --> 00:13:35.140 Now, here I have to go ahead and change this from digits to ASCII letters, 00:13:35.140 --> 00:13:40.330 from digits to ASCII letters, from digits to ASCII letters, 00:13:40.330 --> 00:13:43.030 and lastly, from digits to ASCII letters. 00:13:43.030 --> 00:13:45.700 Again, there's an easier way I could implement this code 00:13:45.700 --> 00:13:47.980 to be more succinct and less duplicative, 00:13:47.980 --> 00:13:52.040 but it involves some features that we'll introduce in another class altogether. 00:13:52.040 --> 00:13:56.180 But now I have all possible ASCII letters from my first placeholder 00:13:56.180 --> 00:13:57.020 to the last. 00:13:57.020 --> 00:13:59.510 Let's go ahead and open up that same terminal window. 00:13:59.510 --> 00:14:01.010 Let's run Python of crack.py. 00:14:01.010 --> 00:14:04.550 And here now is the answer to how long might it take an adversary 00:14:04.550 --> 00:14:09.050 to get into your phone if you're using four letters of the English alphabet 00:14:09.050 --> 00:14:12.950 for your password instead. 00:14:12.950 --> 00:14:16.560 So this time, I have enough time to walk all the way over to the screen here. 00:14:16.560 --> 00:14:19.920 And you can see that we're going in alphabetical order, first lowercase, 00:14:19.920 --> 00:14:20.570 now uppercase. 00:14:20.570 --> 00:14:22.910 But in just a moment, we are done. 00:14:22.910 --> 00:14:25.580 And we're down all the way to ZZZZ. 00:14:25.580 --> 00:14:28.490 So that was a few seconds, which is indeed slower, 00:14:28.490 --> 00:14:30.780 but that really wasn't that much effort at all. 00:14:30.780 --> 00:14:33.590 So presumably, then, even four letters of the alphabet 00:14:33.590 --> 00:14:35.180 might not be enough to keep us secure. 00:14:35.180 --> 00:14:38.690 So let me go ahead and do what we all are told to do anyway, 00:14:38.690 --> 00:14:42.380 which is to go into your phone or whatever device in question 00:14:42.380 --> 00:14:45.390 and actually use four characters perhaps instead. 00:14:45.390 --> 00:14:49.010 So not just letters, not just digits, but let's toss in some punctuation 00:14:49.010 --> 00:14:49.860 as well. 00:14:49.860 --> 00:14:52.910 And in the world of punctuation, at least on a US English keyboard, 00:14:52.910 --> 00:14:58.320 there's typically as many as 94 possibilities for letters, numbers, 00:14:58.320 --> 00:15:02.750 and punctuation because we have 26 lowercase letters, 26 00:15:02.750 --> 00:15:06.380 uppercase letters, 10 decimal digits, 0 through 9, 00:15:06.380 --> 00:15:11.610 and another 32 punctuation symbols that we can add into the mix as well. 00:15:11.610 --> 00:15:15.200 So that gives me 94 possible keys that I can hit here, 00:15:15.200 --> 00:15:17.300 or 94 to the fourth power. 00:15:17.300 --> 00:15:19.670 And does anyone want to estimate what this is? 00:15:19.670 --> 00:15:23.540 We've gone from 10,000 to 7 million to I'm 00:15:23.540 --> 00:15:27.260 seeing it in the chat, roughly 78 million possibilities, so 00:15:27.260 --> 00:15:29.820 in some sense, 10 times more secure. 00:15:29.820 --> 00:15:32.870 Let's go back to my terminal window, open up my code here, 00:15:32.870 --> 00:15:37.040 and import not only ASCII letters, but also the digits from before, and also, 00:15:37.040 --> 00:15:39.420 this time, some punctuation as well. 00:15:39.420 --> 00:15:41.870 Now let's go ahead and change just the ASCII letters alone 00:15:41.870 --> 00:15:45.410 to ASCII letters plus those digits plus that punctuation. 00:15:45.410 --> 00:15:49.250 And just to save some time, I'm going to highlight and copy what I just typed, 00:15:49.250 --> 00:15:52.460 and I'm going to change the second position, the third position, 00:15:52.460 --> 00:15:57.320 and the fourth position, as well, to use that combination of 94 possibilities. 00:15:57.320 --> 00:15:59.330 I'm going to open up my terminal window again. 00:15:59.330 --> 00:16:01.280 I'm going to run Python of crack.py. 00:16:01.280 --> 00:16:04.130 And this time, because we have 10 times as many possibilities, 00:16:04.130 --> 00:16:09.110 I kind of had 10 times the amount of time to walk over to the screen 00:16:09.110 --> 00:16:14.810 because indeed we're still in the lowercase Es, Fs, Gs, Hs. 00:16:14.810 --> 00:16:17.028 And now it looks a bit like a Hollywood movie maybe. 00:16:17.028 --> 00:16:19.820 You can perhaps see, even though it's going across the screen fast, 00:16:19.820 --> 00:16:21.528 that there's a lot of cryptic output here 00:16:21.528 --> 00:16:24.590 because we're running through all of the letters, the digits, 00:16:24.590 --> 00:16:25.710 and the punctuation. 00:16:25.710 --> 00:16:27.770 So it looks a little fancy at that. 00:16:27.770 --> 00:16:30.110 Now, you might recall, too, from Hollywood movies, 00:16:30.110 --> 00:16:32.000 too, that they tend to be very dramatic. 00:16:32.000 --> 00:16:36.290 And so instead of just doing this, which is iterating from left to right very 00:16:36.290 --> 00:16:38.967 slowly, the movies and TV shows tend to very dramatically 00:16:38.967 --> 00:16:42.050 get, like, the third character right, then the first character right, then 00:16:42.050 --> 00:16:42.800 the fourth character right. 00:16:42.800 --> 00:16:45.050 And then just in time, you get the second one as well. 00:16:45.050 --> 00:16:47.090 That's not really ho brute force works. 00:16:47.090 --> 00:16:51.570 You tend to do things methodically, not jumping around from symbol to symbol. 00:16:51.570 --> 00:16:53.280 But this is clearly taking a long time. 00:16:53.280 --> 00:16:56.750 And I'm not even going to finish waiting for this to go because we still have 00:16:56.750 --> 00:16:58.320 to get through all the punctuation. 00:16:58.320 --> 00:17:02.750 So this is to say, ultimately, that 78 million possibilities is actually 00:17:02.750 --> 00:17:04.640 getting up there pretty fast. 00:17:04.640 --> 00:17:07.280 But honestly, if we come back in like a minute or so, 00:17:07.280 --> 00:17:09.770 I bet that will be finished nonetheless. 00:17:09.770 --> 00:17:14.089 And none of us hopefully has a password that's only four characters 00:17:14.089 --> 00:17:17.390 nowadays, letters, numbers, and punctuation. 00:17:17.390 --> 00:17:20.450 Odds are it's at least a conventional eight characters. 00:17:20.450 --> 00:17:24.228 And indeed most websites and apps require as much of you as well. 00:17:24.228 --> 00:17:26.270 Now, the math here is pretty straightforward too. 00:17:26.270 --> 00:17:32.000 If you have 94 possibilities, but you have eight characters in total now, now 00:17:32.000 --> 00:17:34.460 that's 94 to the eighth power. 00:17:34.460 --> 00:17:37.310 And does anyone want a ballpark just how many 00:17:37.310 --> 00:17:40.970 passwords are possible if it's only eight characters, which 00:17:40.970 --> 00:17:46.190 isn't even that long but you have eight of them total? 00:17:46.190 --> 00:17:48.770 Too many, comes back one answer. 00:17:48.770 --> 00:17:50.168 Too much to count. 00:17:50.168 --> 00:17:51.460 I see that we've given up here. 00:17:51.460 --> 00:17:52.980 But, oh, I did see one in the chat. 00:17:52.980 --> 00:17:56.493 It's roughly this many possible passwords, 00:17:56.493 --> 00:17:58.410 which is actually a little hard to figure out. 00:17:58.410 --> 00:18:03.630 So this is, let's see, millions, billions, trillions quadrillions. 00:18:03.630 --> 00:18:06.520 So this is 6 quadrillion possibilities. 00:18:06.520 --> 00:18:07.770 So now we're talking. 00:18:07.770 --> 00:18:13.230 Now the adversary is probably going to run out of time, run out of energy, 00:18:13.230 --> 00:18:15.960 run out of money, run out of lifetime if it's 00:18:15.960 --> 00:18:18.690 going to take this much time to try to crack, 00:18:18.690 --> 00:18:21.660 so to speak, your particular password. 00:18:21.660 --> 00:18:25.050 And so here's one of our first takeaways when it comes to cybersecurity 00:18:25.050 --> 00:18:26.430 and securing our accounts. 00:18:26.430 --> 00:18:30.062 It really is this game of relativity and resources. 00:18:30.062 --> 00:18:32.520 What we're really doing here is not something fundamentally 00:18:32.520 --> 00:18:37.980 different by adding in digits and letters and punctuation. 00:18:37.980 --> 00:18:41.070 It sort of still the same formula, the same approach to our passwords. 00:18:41.070 --> 00:18:44.820 But as we add complexity, and as we make it longer and longer, 00:18:44.820 --> 00:18:47.640 we're raising the bar to the adversary. 00:18:47.640 --> 00:18:48.390 Why? 00:18:48.390 --> 00:18:53.163 Well, so long as you and I don't do something dumb like still choose 0000 00:18:53.163 --> 00:18:59.190 0000 so long as we're choosing something that's pretty random in that range of 6 00:18:59.190 --> 00:19:04.110 quadrillion possibilities, it's going to take the adversary way more time than 00:19:04.110 --> 00:19:07.800 it would otherwise to brute force their way into that password. 00:19:07.800 --> 00:19:10.770 And so by the time they finally get into the account, 00:19:10.770 --> 00:19:12.720 you might have changed the password already, 00:19:12.720 --> 00:19:15.870 you might not be using the account anymore, or you or the adversary 00:19:15.870 --> 00:19:18.690 might not even be on this planet anymore. 00:19:18.690 --> 00:19:19.980 And that's indeed the goal. 00:19:19.980 --> 00:19:22.120 But there is a downside, of course. 00:19:22.120 --> 00:19:26.020 The longer your password gets, and the more complicated it gets, 00:19:26.020 --> 00:19:28.890 the more likely you and I are to not even be 00:19:28.890 --> 00:19:30.880 able to remember what that password is. 00:19:30.880 --> 00:19:33.660 And so here is that sort of balancing act, trying 00:19:33.660 --> 00:19:37.530 to figure out this balance between the usability of the account, just how user 00:19:37.530 --> 00:19:41.550 friendly it is to access, versus the security of that account. 00:19:41.550 --> 00:19:44.640 And finding that inflection point is somewhat personal or somewhat 00:19:44.640 --> 00:19:46.920 corporate in policy, typically. 00:19:46.920 --> 00:19:50.790 Well, let me pause here and see if there are any questions now 00:19:50.790 --> 00:19:54.240 on securing our accounts via passwords alone. 00:19:54.240 --> 00:19:56.370 AUDIENCE: I was wondering. 00:19:56.370 --> 00:19:59.610 A couple of years ago, there were devices, USB devices, 00:19:59.610 --> 00:20:02.190 with fingerprint recognition. 00:20:02.190 --> 00:20:05.670 How come that's not more frequently used? 00:20:05.670 --> 00:20:07.533 Or are they too expensive or-- 00:20:07.533 --> 00:20:09.450 DAVID MALAN: A really good question, and we'll 00:20:09.450 --> 00:20:12.870 come to this topic in a little bit on biometrics more generally. 00:20:12.870 --> 00:20:14.550 But your intuition is pretty much right. 00:20:14.550 --> 00:20:16.507 It's expensive to have another device. 00:20:16.507 --> 00:20:18.840 And most consumers are not going to bother wasting money 00:20:18.840 --> 00:20:20.070 on something just for them. 00:20:20.070 --> 00:20:21.240 Some companies might. 00:20:21.240 --> 00:20:23.940 But if they have a lot of employees, that could get very costly. 00:20:23.940 --> 00:20:27.300 But you might be glad to know that one of the topics we'll end on today 00:20:27.300 --> 00:20:31.440 is a new technology called passkeys that actually leverages 00:20:31.440 --> 00:20:36.090 a device you most likely already have, a phone, that might use your fingerprint 00:20:36.090 --> 00:20:39.000 or might use your face or some other form of biometrics. 00:20:39.000 --> 00:20:42.240 That's becoming more common nowadays, or soon will, 00:20:42.240 --> 00:20:47.770 even for your laptop and desktop which will talk to that phone, in some form. 00:20:47.770 --> 00:20:51.720 How about one more question here on securing accounts. 00:20:51.720 --> 00:20:59.130 AUDIENCE: My question is, why if four-digits password is so unsafe, 00:20:59.130 --> 00:21:04.877 why is some program still using this password not a website, like program? 00:21:04.877 --> 00:21:06.460 DAVID MALAN: Oh, really good question. 00:21:06.460 --> 00:21:08.280 Why are some programmers using this? 00:21:08.280 --> 00:21:11.520 So it's a trade off between usability and security. 00:21:11.520 --> 00:21:14.010 If you are the programmer designing the system, 00:21:14.010 --> 00:21:17.460 you presumably want users to use the system and to come back 00:21:17.460 --> 00:21:18.700 and to keep using it. 00:21:18.700 --> 00:21:21.570 But if you make it too hard for them to access 00:21:21.570 --> 00:21:24.240 that account, if you increase the probability that they're 00:21:24.240 --> 00:21:27.150 going to constantly forget their password, lose their password, 00:21:27.150 --> 00:21:31.480 they might just stop using your system or your app or your website altogether. 00:21:31.480 --> 00:21:33.850 And so that's probably not a good thing. 00:21:33.850 --> 00:21:36.210 Other reasons might include just unawareness 00:21:36.210 --> 00:21:41.070 or not having taken a class on cybersecurity or not having really 00:21:41.070 --> 00:21:45.450 thought through the implications of having such short passcodes. 00:21:45.450 --> 00:21:48.287 So nowadays is industry's starting to nudge us 00:21:48.287 --> 00:21:49.620 in better and better directions. 00:21:49.620 --> 00:21:51.630 But we'll see today and the rest of this class 00:21:51.630 --> 00:21:55.650 that there are still going to be a lot of trade offs, again, between usability 00:21:55.650 --> 00:21:56.730 and security. 00:21:56.730 --> 00:22:00.060 So what can we do to defend ourselves against these brute force attacks? 00:22:00.060 --> 00:22:02.310 Well, at least here in the US, there's an organization 00:22:02.310 --> 00:22:05.190 called the National Institute of Standards and Technology, 00:22:05.190 --> 00:22:08.310 Otherwise known as NIST, that actually issues recommendations 00:22:08.310 --> 00:22:11.370 for how we as consumers or companies or more generally, 00:22:11.370 --> 00:22:14.520 humans can go about securing their accounts more effectively. 00:22:14.520 --> 00:22:17.020 And we thought we'd share just some of these recommendations 00:22:17.020 --> 00:22:21.420 so that it informs not only your own behavior as an individual citizen 00:22:21.420 --> 00:22:24.390 or consumer, but perhaps if you're in a place of business 00:22:24.390 --> 00:22:27.450 where you can influence your own company's policies, 00:22:27.450 --> 00:22:31.180 here are generally what are considered best practices nowadays. 00:22:31.180 --> 00:22:34.560 So a quote from their recommendations, "memorized secrets 00:22:34.560 --> 00:22:37.560 shall be at least eight characters in length." 00:22:37.560 --> 00:22:40.500 So that at least corroborates the quick math and the test 00:22:40.500 --> 00:22:43.260 that we ourselves just ran, that only once we got up to, like, 00:22:43.260 --> 00:22:45.900 6 quadrillion possibilities did it feel like it 00:22:45.900 --> 00:22:51.490 was going to take a very long time to actually hack into someone's device. 00:22:51.490 --> 00:22:54.430 So consider that for your own accounts, even on your phones. 00:22:54.430 --> 00:22:56.620 You might have to go through a few menu options 00:22:56.620 --> 00:22:59.890 to upgrade from just four digits to something more. 00:22:59.890 --> 00:23:04.270 But odds are you'll benefit from this additional layer of security. 00:23:04.270 --> 00:23:06.070 This one's more of a mouthful but helpful 00:23:06.070 --> 00:23:09.790 as well, "verifiers," so the website or app that's 00:23:09.790 --> 00:23:12.670 verifying your input when you authenticate with your username 00:23:12.670 --> 00:23:17.440 and password-- "verifiers should permit subscriber-chosen memorized secrets 00:23:17.440 --> 00:23:21.220 of at least 64 characters in length. 00:23:21.220 --> 00:23:24.520 All printing ASCII characters as well as the space characters 00:23:24.520 --> 00:23:27.250 should be acceptable in memorized secrets. 00:23:27.250 --> 00:23:30.110 Unicode characters should be accepted as well." 00:23:30.110 --> 00:23:32.440 Now, if you're not yourself a computer person, 00:23:32.440 --> 00:23:34.150 there's a bit of jargon within this. 00:23:34.150 --> 00:23:38.350 But first of all, the takeaways are that websites and applications should 00:23:38.350 --> 00:23:41.050 let you and me come up with passwords that 00:23:41.050 --> 00:23:43.700 are actually as long as 64 characters. 00:23:43.700 --> 00:23:46.460 Now, that's pretty long, but that's exactly the point, 00:23:46.460 --> 00:23:48.580 particularly as it's gotten more difficult 00:23:48.580 --> 00:23:51.410 for you and I to remember all of our passwords, 00:23:51.410 --> 00:23:53.540 to come up with very complex passwords. 00:23:53.540 --> 00:23:57.320 The reality is you and I might very well be better off, 00:23:57.320 --> 00:24:02.840 on the whole, by just choosing an easier-to-remember but much longer 00:24:02.840 --> 00:24:06.920 password, for instance, a sentence, a quote, a phrase that you 00:24:06.920 --> 00:24:10.520 can more easily keep in your human mind but that doesn't necessarily 00:24:10.520 --> 00:24:14.270 have a crazy amount of punctuation or digits or letters, 00:24:14.270 --> 00:24:17.490 but at least is 64 characters in length. 00:24:17.490 --> 00:24:20.570 So even if an adversary tries a dictionary attack, 00:24:20.570 --> 00:24:23.280 trying all possible English words or some other language, 00:24:23.280 --> 00:24:27.290 even if they try a brute force attack, it's going to take them way too long 00:24:27.290 --> 00:24:31.310 unless, of course, you do something foolish like choose a 64-character 00:24:31.310 --> 00:24:35.280 passcode that's 000 or so forth. 00:24:35.280 --> 00:24:37.460 So you still want to be original within that space. 00:24:37.460 --> 00:24:40.730 Now, more technically, this recommendation is referring to ASCII. 00:24:40.730 --> 00:24:45.440 ASCII generally refers to US English symbols on a US English keyboard, 00:24:45.440 --> 00:24:47.930 as was the origin of this code system. 00:24:47.930 --> 00:24:50.510 So that includes A through Z, 0 through 9, 00:24:50.510 --> 00:24:52.700 and the punctuation I alluded to earlier. 00:24:52.700 --> 00:24:55.010 But websites and apps nowadays should also 00:24:55.010 --> 00:25:00.260 support Unicode, including things like emoji and other accented characters 00:25:00.260 --> 00:25:03.800 or symbols that you might have in languages beyond English. 00:25:03.800 --> 00:25:07.490 Unfortunately, this is not really common practice, I dare say. 00:25:07.490 --> 00:25:11.420 Just yesterday, I created an account on a new website for the first time, 00:25:11.420 --> 00:25:14.480 and it made me jump through hoops, so to speak, figuring out 00:25:14.480 --> 00:25:18.110 the right number of uppercase letters, lowercase letters, punctuation, 00:25:18.110 --> 00:25:21.570 and even then it told me I can only use certain punctuation. 00:25:21.570 --> 00:25:24.050 So I had to think about now which symbols I'm using. 00:25:24.050 --> 00:25:27.388 That is a lot of friction that is not good for usability. 00:25:27.388 --> 00:25:29.930 And it's of questionable value for the security of the system 00:25:29.930 --> 00:25:32.180 if I can't even remember the thing afterward. 00:25:32.180 --> 00:25:35.930 So keep this in mind, in general, that your password should not only 00:25:35.930 --> 00:25:39.200 be eight characters, minimally, but most apps 00:25:39.200 --> 00:25:42.260 and websites you maybe yourself develop moving forward 00:25:42.260 --> 00:25:45.000 should allow much longer passwords as well. 00:25:45.000 --> 00:25:47.450 And you as the human can use longer passwords 00:25:47.450 --> 00:25:49.380 if systems allow them as well. 00:25:49.380 --> 00:25:52.220 Now, here's another set of recommendations from NIST. 00:25:52.220 --> 00:25:55.490 "Verifiers--" the website or the apps that we're using-- 00:25:55.490 --> 00:25:57.800 "shall compare the prospective secrets--" 00:25:57.800 --> 00:26:00.740 the passwords you're choosing-- "against a list that contains 00:26:00.740 --> 00:26:05.093 values known to be commonly used, expected, or compromised." 00:26:05.093 --> 00:26:07.010 So that is to say when you type in a password, 00:26:07.010 --> 00:26:09.410 if it's already been a commonly used password, 00:26:09.410 --> 00:26:12.350 if it's very easily guessable, the website or app should probably 00:26:12.350 --> 00:26:14.960 say, uh, pick a better password than that 00:26:14.960 --> 00:26:17.628 just to decrease the probability that an adversary is 00:26:17.628 --> 00:26:18.920 going to get into that account. 00:26:18.920 --> 00:26:21.650 Specifically, NIST recommends that "passwords 00:26:21.650 --> 00:26:24.320 obtained from previous breached corpuses--" 00:26:24.320 --> 00:26:28.970 which is a fancy way of saying if some website, some database has been hacked, 00:26:28.970 --> 00:26:32.060 and that database contains usernames and passwords, 00:26:32.060 --> 00:26:34.100 and those passwords have now been uploaded 00:26:34.100 --> 00:26:38.780 to the internet for adversaries or anyone to download and browse, 00:26:38.780 --> 00:26:41.990 well, then you should not be allowed to pick a password from that list 00:26:41.990 --> 00:26:44.540 because it's essentially an alternative dictionary. 00:26:44.540 --> 00:26:48.740 It essentially is a list of passwords that a smart adversary should just 00:26:48.740 --> 00:26:52.430 start with before they even bother resorting to brute force, which 00:26:52.430 --> 00:26:54.440 we've seen would take much more time. 00:26:54.440 --> 00:26:56.220 Two, dictionary words. 00:26:56.220 --> 00:26:58.510 So this we've already stipulated would be a good thing 00:26:58.510 --> 00:27:01.010 to avoid because there's just much too easy for an adversary 00:27:01.010 --> 00:27:03.800 to go through a big list of English words or some other language 00:27:03.800 --> 00:27:05.090 and try those first. 00:27:05.090 --> 00:27:10.430 Three, repetitive or sequential characters, aaaaaa 00:27:10.430 --> 00:27:16.100 or a slightly more creatively but not good enough, 1235abcd. 00:27:16.100 --> 00:27:20.660 I would also add 0000 and so forth into that category as well. 00:27:20.660 --> 00:27:23.720 It's just too easy for the adversary to guess 00:27:23.720 --> 00:27:26.780 that maybe you're doing something repetitive like that too. 00:27:26.780 --> 00:27:31.070 And then lastly, context-specific words, such as the name of the service, 00:27:31.070 --> 00:27:33.720 the username, and derivatives thereof. 00:27:33.720 --> 00:27:37.340 This is to say, if you sign up for a Gmail account for the first time, 00:27:37.340 --> 00:27:41.210 you should not be allowed by Google to choose a password 00:27:41.210 --> 00:27:43.790 like "Gmail password," quote unquote. 00:27:43.790 --> 00:27:45.650 If you sign up for an Amazon account, you 00:27:45.650 --> 00:27:48.350 should not be allowed by Amazon to have your password be 00:27:48.350 --> 00:27:53.090 "Amazon password" or some such variant thereof because smart adversaries are 00:27:53.090 --> 00:27:54.590 going to try those same heuristics. 00:27:54.590 --> 00:27:55.640 And that's the catch too. 00:27:55.640 --> 00:27:58.790 If you can think of it, even if you think you're being clever, 00:27:58.790 --> 00:28:02.880 odds are a just-as-clever adversary can think of that heuristic as well 00:28:02.880 --> 00:28:07.100 and prioritize those tricks before they resort to brute force, 00:28:07.100 --> 00:28:09.530 like I did on my own laptop. 00:28:09.530 --> 00:28:11.480 A few other recommendations as well. 00:28:11.480 --> 00:28:15.470 "Memorized secret verifiers shall not permit the subscriber 00:28:15.470 --> 00:28:20.060 to store a hint that is inaccessible to an unauthenticated claimant. 00:28:20.060 --> 00:28:23.880 Verifiers shall now prompt subscribers to use specific types of information, 00:28:23.880 --> 00:28:27.890 for instance, 'what was the name of your first pet?' when choosing memorize 00:28:27.890 --> 00:28:28.460 secrets." 00:28:28.460 --> 00:28:32.330 So there are a lot of companies, a lot of websites, a lot of applications that 00:28:32.330 --> 00:28:35.000 violate this recommendation nowadays. 00:28:35.000 --> 00:28:37.370 And in fact, I bet you can think of one or more accounts 00:28:37.370 --> 00:28:40.490 that you have where you've had to tell them, for instance, what 00:28:40.490 --> 00:28:44.180 was the name of your first pet or your first car or your mother 00:28:44.180 --> 00:28:46.040 or father's name or the like. 00:28:46.040 --> 00:28:49.530 That's not good to collect either, nor is a hint 00:28:49.530 --> 00:28:52.080 a good thing because frankly, you and I are 00:28:52.080 --> 00:28:56.310 all too often in the habit of maybe typing into that hint field, 00:28:56.310 --> 00:28:59.580 if it's available, a question that's meant to help 00:28:59.580 --> 00:29:01.320 you remember what your password was. 00:29:01.320 --> 00:29:05.850 But if your hint is something like, my password is the name of my first pet, 00:29:05.850 --> 00:29:08.940 well, you're now just leaking information to the world. 00:29:08.940 --> 00:29:12.060 And anyone who can go online and figure out that information 00:29:12.060 --> 00:29:14.830 can now get into your account as well. 00:29:14.830 --> 00:29:17.340 And so that's really the threat, in this case. 00:29:17.340 --> 00:29:20.430 If you start using personally identifiable information 00:29:20.430 --> 00:29:24.780 in this age of social media and websites like LinkedIn and the like, 00:29:24.780 --> 00:29:29.020 there's just so much information out there about us that can be discovered. 00:29:29.020 --> 00:29:32.130 You don't want to fill all of these databases, all of these systems 00:29:32.130 --> 00:29:35.310 with each of these tidbits about you because a smart adversary 00:29:35.310 --> 00:29:38.580 with enough time and enough focus on you can probably 00:29:38.580 --> 00:29:41.470 figure out all of those same values. 00:29:41.470 --> 00:29:42.480 So what more? 00:29:42.480 --> 00:29:45.840 "Verifiers shall not require memorized secrets 00:29:45.840 --> 00:29:48.960 to be changed arbitrarily, for instance, periodically." 00:29:48.960 --> 00:29:51.300 So this one, too, is something that a lot of companies 00:29:51.300 --> 00:29:53.700 violate as a recommendation still. 00:29:53.700 --> 00:29:56.130 If you're in a corporate workplace, in particular, 00:29:56.130 --> 00:29:59.040 and you're being required by the system administrators 00:29:59.040 --> 00:30:02.740 to change your password every month, maybe every three months, 00:30:02.740 --> 00:30:07.800 six months, every year perhaps, that's not generally recommended anymore, 00:30:07.800 --> 00:30:13.240 even though not too long ago, it did feel like, sound like a best practice. 00:30:13.240 --> 00:30:18.960 But why is this not recommended anymore, to have you forcibly 00:30:18.960 --> 00:30:23.670 change your password periodically, like every few months? 00:30:23.670 --> 00:30:26.050 AUDIENCE: Because the password will be easily forgotten 00:30:26.050 --> 00:30:29.160 and be more vulnerable to brute force attacks. 00:30:29.160 --> 00:30:31.350 DAVID MALAN: Why would it be more vulnerable? 00:30:31.350 --> 00:30:35.490 AUDIENCE: Because the hackers can get access to all passwords 00:30:35.490 --> 00:30:37.553 and get hints about the new password. 00:30:37.553 --> 00:30:38.220 DAVID MALAN: OK. 00:30:38.220 --> 00:30:42.690 So yes, one danger of forcing you and me to change our password too frequently 00:30:42.690 --> 00:30:45.570 is that you and I do not tend to exert much effort when 00:30:45.570 --> 00:30:46.950 we're required to do so. 00:30:46.950 --> 00:30:51.455 For instance, if my password today is, for instance, password 1, well, 00:30:51.455 --> 00:30:53.580 you know what my password might be in three months? 00:30:53.580 --> 00:30:57.120 Password 2 or in another three months, password 3. 00:30:57.120 --> 00:30:59.460 You and I might exert the minimal amount of energy 00:30:59.460 --> 00:31:02.250 to change the password so that we meet the company's requirements 00:31:02.250 --> 00:31:04.590 but so that it's not too hard for you and me to remember 00:31:04.590 --> 00:31:05.670 what the new password is. 00:31:05.670 --> 00:31:09.510 And so indeed, if information about my past passwords leaks out 00:31:09.510 --> 00:31:11.670 and some adversary sees, oh, well, wait a minute, 00:31:11.670 --> 00:31:14.190 your password was password 2 last month, I'm 00:31:14.190 --> 00:31:17.520 just going to guess heuristically that this month it's password 3. 00:31:17.520 --> 00:31:19.680 We might indeed be leaking information. 00:31:19.680 --> 00:31:21.900 What's another reason that you might not want 00:31:21.900 --> 00:31:26.220 to require humans to change their passwords arbitrarily 00:31:26.220 --> 00:31:28.358 on some schedule like this? 00:31:28.358 --> 00:31:30.150 AUDIENCE: We keep forgetting our passwords, 00:31:30.150 --> 00:31:32.950 too, if we change it too frequently. 00:31:32.950 --> 00:31:34.980 So that is not a good practice for a website. 00:31:34.980 --> 00:31:35.855 DAVID MALAN: Exactly. 00:31:35.855 --> 00:31:38.340 If you make me change my password too frequently, 00:31:38.340 --> 00:31:41.160 honestly, I'm probably going to forget what my next password is 00:31:41.160 --> 00:31:42.960 because I'm going to get confused with last month's 00:31:42.960 --> 00:31:44.418 or the previous months or the like. 00:31:44.418 --> 00:31:47.130 And so there's these sociological effects on us humans, 00:31:47.130 --> 00:31:51.300 just being human, not being very good at remembering not only the first password 00:31:51.300 --> 00:31:55.060 you made me choose that's very complex, but the second and the third as well. 00:31:55.060 --> 00:31:58.290 And so generally, you should not come up with such a scheme anymore because 00:31:58.290 --> 00:31:59.850 of these adverse side effects. 00:31:59.850 --> 00:32:02.070 And how about one more recommendation here? 00:32:02.070 --> 00:32:05.670 "Verifiers shall implement a rate-limiting mechanism 00:32:05.670 --> 00:32:09.480 that effectively limits the number of failed authentication attempts that can 00:32:09.480 --> 00:32:11.730 be made on the subscriber's account." 00:32:11.730 --> 00:32:13.162 Now, what do we mean by this? 00:32:13.162 --> 00:32:15.120 Well, odds are this is something you yourselves 00:32:15.120 --> 00:32:18.780 might have experienced if, for instance, you forgot your password 00:32:18.780 --> 00:32:20.550 or you kept typing it slightly wrong. 00:32:20.550 --> 00:32:22.560 Maybe your phone screen was wet so it wasn't 00:32:22.560 --> 00:32:24.660 registering your fingertips properly. 00:32:24.660 --> 00:32:27.420 It turns out you can lock yourself out of your own phone. 00:32:27.420 --> 00:32:30.270 And you might have, in fact, seen something like this on iPhone. 00:32:30.270 --> 00:32:32.910 Android has a similar screen, if, for instance, you 00:32:32.910 --> 00:32:36.420 type in the wrong passcode 10 times in a row. 00:32:36.420 --> 00:32:41.700 The presumption, by Apple and Google and others, is that if after 10 times 00:32:41.700 --> 00:32:44.340 you still haven't inputted your password correctly, 00:32:44.340 --> 00:32:48.360 it's probably a higher probability that you are not David, 00:32:48.360 --> 00:32:52.310 that you are not you, but rather it's someone else who has taken your phone, 00:32:52.310 --> 00:32:55.100 stolen your phone, and is trying to get into it. 00:32:55.100 --> 00:32:57.030 Now that's not always the case. 00:32:57.030 --> 00:33:00.110 You can imagine situations where you just were being absent minded. 00:33:00.110 --> 00:33:01.250 You were half asleep. 00:33:01.250 --> 00:33:04.680 Maybe you weren't really focusing on it, and you locked yourself out. 00:33:04.680 --> 00:33:08.900 And so there, too is, again, a trade off between usability and security. 00:33:08.900 --> 00:33:12.290 But the higher probability event after 10 wrong attempts 00:33:12.290 --> 00:33:16.010 probably tends to be that it's an adversary trying to get in and not you. 00:33:16.010 --> 00:33:17.960 But what's the point of this? 00:33:17.960 --> 00:33:21.650 Beyond annoying the adversary and maybe more significantly, 00:33:21.650 --> 00:33:25.970 really annoying you when it happens by accident, what this effectively does 00:33:25.970 --> 00:33:28.290 is it slows the adversary down. 00:33:28.290 --> 00:33:32.060 In other words, it increases the cost of this attack to the adversary. 00:33:32.060 --> 00:33:32.600 Why? 00:33:32.600 --> 00:33:35.480 Well, we saw a moment ago that a smart adversary 00:33:35.480 --> 00:33:38.240 who knows a little bit of Python code and steals your phone 00:33:38.240 --> 00:33:43.260 can try 10,000 possible passwords in just less than a second. 00:33:43.260 --> 00:33:46.400 However, if you now slow them down by having this feature 00:33:46.400 --> 00:33:50.820 on your iPhone or Android device that pumps the brakes, so to speak, 00:33:50.820 --> 00:33:54.690 that lets the adversary try no more than 10 at a time, 00:33:54.690 --> 00:33:57.390 that's significantly slows them down. 00:33:57.390 --> 00:34:02.340 Now they might have to spend at least 10 seconds, 20 seconds, an hour, a day, 00:34:02.340 --> 00:34:06.090 or longer, especially since what Android and iPhone also 00:34:06.090 --> 00:34:09.120 do is they tend to increase this time limit. 00:34:09.120 --> 00:34:11.010 The first time you mess up, it's 1 minute. 00:34:11.010 --> 00:34:15.239 If you mess up another 10 times, it's now 2 minutes, maybe 5 minutes, 00:34:15.239 --> 00:34:16.260 maybe 10 minutes. 00:34:16.260 --> 00:34:19.590 Maybe the phone even deletes itself, wipes itself, 00:34:19.590 --> 00:34:22.860 if that, too, is a feature that you or your company has enabled. 00:34:22.860 --> 00:34:26.850 So again, the right way to think about this, beyond the usability trade off, 00:34:26.850 --> 00:34:29.610 is that we're just trying to raise the bar to the adversary. 00:34:29.610 --> 00:34:32.219 We're trying to make it more expensive, more costly, 00:34:32.219 --> 00:34:35.790 maybe more risky to the adversary by slowing them down. 00:34:35.790 --> 00:34:38.520 And by more risky I mean if this is like a Hollywood moment, 00:34:38.520 --> 00:34:42.147 and someone's just stolen the phone from your table at Starbucks or a coffee 00:34:42.147 --> 00:34:43.980 shop, they've plugged it into their laptop-- 00:34:43.980 --> 00:34:47.909 they're trying desperately to crack into it before you come back to the table-- 00:34:47.909 --> 00:34:50.639 well, by slowing them down, it's going to significantly 00:34:50.639 --> 00:34:54.960 increase the risk, too, that they are the act while doing it. 00:34:54.960 --> 00:34:57.420 And hopefully, too, the goal is to just get 00:34:57.420 --> 00:35:00.600 them to lose interest in your phone, lose interest in your account, 00:35:00.600 --> 00:35:04.440 and have them move on to ideally no one else's, but at least, barring that, 00:35:04.440 --> 00:35:07.680 someone else's instead of yours. 00:35:07.680 --> 00:35:13.110 So what are other defenses against these kinds of brute force attacks, 00:35:13.110 --> 00:35:14.850 or even these dictionary attacks? 00:35:14.850 --> 00:35:20.490 Well, this is a system that you and I are increasingly being able to turn on, 00:35:20.490 --> 00:35:23.040 but also increasingly are being required to turn on 00:35:23.040 --> 00:35:27.750 as well, which is, in general, probably a good thing, 2-Factor Authentication, 00:35:27.750 --> 00:35:32.100 or 2FA more generally known as multifactor authentication, 00:35:32.100 --> 00:35:36.870 is a technology whereby in addition to having one factor that you use 00:35:36.870 --> 00:35:39.600 to log in, like your password, as is tradition, 00:35:39.600 --> 00:35:42.660 you also have a second or maybe more factors 00:35:42.660 --> 00:35:45.720 that you additionally have to use in order to log in. 00:35:45.720 --> 00:35:49.500 But these factors don't just generally mean one password, two passwords, 00:35:49.500 --> 00:35:50.790 three passwords, or the like. 00:35:50.790 --> 00:35:53.670 They're fundamentally different types of factors. 00:35:53.670 --> 00:35:56.770 And in general, they're broken down into these three categories. 00:35:56.770 --> 00:35:59.160 One is a knowledge category. 00:35:59.160 --> 00:36:02.640 A knowledge factor is just something like your password 00:36:02.640 --> 00:36:05.290 that ideally you keep secret, no one else knows, 00:36:05.290 --> 00:36:08.100 and that's why it enables you to authenticate yourself, 00:36:08.100 --> 00:36:12.780 prove that you because you and only you, hopefully, have that knowledge. 00:36:12.780 --> 00:36:16.020 But a second type of factor would be a possession factor, 00:36:16.020 --> 00:36:17.730 something that you physically have. 00:36:17.730 --> 00:36:20.280 So you might be in the habit at work of carrying around 00:36:20.280 --> 00:36:23.622 one of those little key fobs that has a little code on it that changes. 00:36:23.622 --> 00:36:25.080 Now, those things can be expensive. 00:36:25.080 --> 00:36:29.170 So increasingly the world is just using our own phones, your own Android phone, 00:36:29.170 --> 00:36:32.820 your own iPhone, that maybe has SMS support on it, 00:36:32.820 --> 00:36:35.460 text messaging, or maybe a specific app that 00:36:35.460 --> 00:36:38.340 displays a short code that you type in. 00:36:38.340 --> 00:36:42.960 The presumption is if that you challenge the user not only for a knowledge 00:36:42.960 --> 00:36:46.710 factor, like their password, but a second factor, like something 00:36:46.710 --> 00:36:51.690 they possess, you significantly decrease the probability that an adversary is 00:36:51.690 --> 00:36:53.490 going to be able to get into that account. 00:36:53.490 --> 00:36:57.210 Because whereas anyone on the internet, millions of people 00:36:57.210 --> 00:37:01.680 can be a threat to you by just figuring out or finding your password, 00:37:01.680 --> 00:37:04.170 a possession factor really narrows the scope 00:37:04.170 --> 00:37:07.830 of the threat to only the other customers in Starbucks or the coffee 00:37:07.830 --> 00:37:10.680 shop, only the other people physically near you 00:37:10.680 --> 00:37:14.340 because they would have to physically obtain that second possession factor. 00:37:14.340 --> 00:37:16.650 And then a third type of factor nowadays might 00:37:16.650 --> 00:37:20.250 be an inherence, something that is unique to you 00:37:20.250 --> 00:37:23.220 specifically, more generally described as biometrics. 00:37:23.220 --> 00:37:24.810 So maybe it's your fingerprints. 00:37:24.810 --> 00:37:26.640 Maybe it is your face nowadays. 00:37:26.640 --> 00:37:29.880 Something that's inherent to you can be a third factor 00:37:29.880 --> 00:37:34.170 nowadays because the presumption is that only you, ideally, in the world 00:37:34.170 --> 00:37:36.452 have exactly that factor as well. 00:37:36.452 --> 00:37:38.160 Now, this is a little different from what 00:37:38.160 --> 00:37:42.840 some companies, some websites, some apps describe as two-step authentication, 00:37:42.840 --> 00:37:46.930 where two steps might actually just be two passwords of some sort. 00:37:46.930 --> 00:37:51.100 But two factor more technically refers to two or more 00:37:51.100 --> 00:37:55.420 of these types of fundamentally different factors, that 00:37:55.420 --> 00:37:58.160 being the most common in our case here. 00:37:58.160 --> 00:38:01.300 Now, when it comes to those possession factors, those key fobs 00:38:01.300 --> 00:38:03.190 or the apps or the codes that you receive, 00:38:03.190 --> 00:38:05.290 specifically what you're receiving in those models 00:38:05.290 --> 00:38:09.280 is generally known as a One-Time Password, or OTP. 00:38:09.280 --> 00:38:11.680 The idea being that this is not a password 00:38:11.680 --> 00:38:15.290 that you know and keep remembering and keep using again and again. 00:38:15.290 --> 00:38:18.160 It's literally one time because it's texted to you, 00:38:18.160 --> 00:38:20.950 or it's sent via an app via push notification, 00:38:20.950 --> 00:38:26.590 or it's actually sent to something on your keychain, like this here key fob, 00:38:26.590 --> 00:38:27.250 for instance. 00:38:27.250 --> 00:38:29.060 Nowadays, your company can buy these. 00:38:29.060 --> 00:38:32.800 And what happens is on the screen here, this one-time password 00:38:32.800 --> 00:38:35.260 constantly changes every few seconds. 00:38:35.260 --> 00:38:37.330 And it's synchronized somehow with a server 00:38:37.330 --> 00:38:40.480 so that the presumption is if I am carrying around this device, 00:38:40.480 --> 00:38:44.180 and I type in when prompted, this particular code, 00:38:44.180 --> 00:38:47.470 and that code matches the synchronized code that's on the server, 00:38:47.470 --> 00:38:50.180 I should be allowed into the account because the presumption is 00:38:50.180 --> 00:38:53.270 that it's indeed David carrying this around and not necessarily 00:38:53.270 --> 00:38:54.110 some adversary. 00:38:54.110 --> 00:38:58.430 It might also be possible to plug it in as via USB or some other technology, 00:38:58.430 --> 00:39:01.080 thereby removing the human from the formula 00:39:01.080 --> 00:39:03.560 so that the device itself can just authenticate using 00:39:03.560 --> 00:39:06.230 special software on the system instead. 00:39:06.230 --> 00:39:08.882 Nowadays, though, you can download special apps, 00:39:08.882 --> 00:39:11.090 whether it's one from Google or other companies, that 00:39:11.090 --> 00:39:15.320 allow you to manage, all in one place, all of these one-time passwords 00:39:15.320 --> 00:39:18.080 that you might automatically see updating on the screen. 00:39:18.080 --> 00:39:20.750 And you can type any or all of them in when you're actually 00:39:20.750 --> 00:39:23.180 prompted by a website or app. 00:39:23.180 --> 00:39:28.790 But even in this space of one-time passwords and possession factors, 00:39:28.790 --> 00:39:31.640 it's worth keeping in mind that some of these technologies 00:39:31.640 --> 00:39:33.720 are more secure than others. 00:39:33.720 --> 00:39:35.720 Now, it's very common for websites or apps 00:39:35.720 --> 00:39:39.350 nowadays to want to send you one of these one-time passwords via text 00:39:39.350 --> 00:39:40.670 message, for instance. 00:39:40.670 --> 00:39:42.470 And you receive it via SMS. 00:39:42.470 --> 00:39:46.490 And then you can type in that six-digit code, as is often the case. 00:39:46.490 --> 00:39:50.300 More secure, though, would be something like an actual app 00:39:50.300 --> 00:39:52.610 that you install from the App Store or the Google Play 00:39:52.610 --> 00:39:55.550 store that actually talks directly to some server 00:39:55.550 --> 00:39:58.700 and does not just go over the cellular phone network. 00:39:58.700 --> 00:39:59.580 Why is that? 00:39:59.580 --> 00:40:02.870 Well, as you might know, in your phone is typically 00:40:02.870 --> 00:40:06.497 a SIM card, either a physical card, a little chip, or nowadays 00:40:06.497 --> 00:40:08.580 it might actually be built into the phone as well. 00:40:08.580 --> 00:40:11.190 But that SIM card has a unique identifier. 00:40:11.190 --> 00:40:14.240 And when you sign up for phone service, typically, with a company, 00:40:14.240 --> 00:40:18.380 they need to know what the unique identifier is of your SIM card, 00:40:18.380 --> 00:40:22.200 be it something physical or something wired, hardwired into your device. 00:40:22.200 --> 00:40:22.700 Why? 00:40:22.700 --> 00:40:26.600 Because that's how they associate your phone number with that specific device. 00:40:26.600 --> 00:40:32.000 The catch is that it's all too possible, and in some cases, all too easy, 00:40:32.000 --> 00:40:36.950 to trick, even the phone companies, into swapping your SIM not necessarily doing 00:40:36.950 --> 00:40:39.920 it physically per se, but convincing the mobile phone 00:40:39.920 --> 00:40:42.980 carriers to update their system to say, oh, 00:40:42.980 --> 00:40:47.030 David now has this SIM card and not that original one. 00:40:47.030 --> 00:40:49.100 That is to say, if I'm an adversary and I just 00:40:49.100 --> 00:40:51.140 have any old phone with any old SIM card, 00:40:51.140 --> 00:40:54.170 and I figure out what the unique ID is, and maybe I call up 00:40:54.170 --> 00:40:58.520 David's mobile phone provider, and I somehow convince them 00:40:58.520 --> 00:41:04.790 that I am David by tricking them into believing it's me, as by telling them 00:41:04.790 --> 00:41:06.960 all of that personal information about myself, 00:41:06.960 --> 00:41:10.640 I might be able to convince them to swap my SIM card, 00:41:10.640 --> 00:41:13.670 the adversary's, with what is already on file. 00:41:13.670 --> 00:41:18.680 The implication of that is that when David subsequently gets text messages, 00:41:18.680 --> 00:41:21.230 they don't actually go to me, the real David. 00:41:21.230 --> 00:41:26.310 They go to the adversary's phone as well because they're tied to that SIM card. 00:41:26.310 --> 00:41:28.940 So in general nowadays, if you have a choice, 00:41:28.940 --> 00:41:33.920 using some website or app to use SMS or text-based messaging 00:41:33.920 --> 00:41:37.160 versus a native application that you install 00:41:37.160 --> 00:41:40.400 onto your phone or other device, you should generally 00:41:40.400 --> 00:41:43.760 prefer the latter, some first-class piece of software 00:41:43.760 --> 00:41:46.430 that actually uses push notifications or your data plan 00:41:46.430 --> 00:41:52.260 and does not rely on SMS text messaging because of this potential threat. 00:41:52.260 --> 00:41:57.420 So what are still other threats when it comes to these systems? 00:41:57.420 --> 00:42:01.100 Well, it turns out that it's very possible, unfortunately, 00:42:01.100 --> 00:42:04.790 for adversaries to somehow get software, malicious software, 00:42:04.790 --> 00:42:07.940 otherwise known as malware, onto your Mac, onto your PC, 00:42:07.940 --> 00:42:09.770 perhaps even onto your phone . 00:42:09.770 --> 00:42:12.170 This might be because you installed a piece of software 00:42:12.170 --> 00:42:13.640 that you shouldn't have trusted. 00:42:13.640 --> 00:42:15.950 This might be because your phone or your device 00:42:15.950 --> 00:42:18.530 is infected with something like a virus or a worm. 00:42:18.530 --> 00:42:21.860 But in general, you might be vulnerable to malware, 00:42:21.860 --> 00:42:25.190 including software that logs all of your keystrokes. 00:42:25.190 --> 00:42:28.430 Key logging refers to exactly that, some piece of software 00:42:28.430 --> 00:42:32.750 that most likely maliciously is literally recording everything you type 00:42:32.750 --> 00:42:35.090 or everything you tap into that device. 00:42:35.090 --> 00:42:37.400 And what is this software do with those keystrokes? 00:42:37.400 --> 00:42:39.110 Very often it will upload them. 00:42:39.110 --> 00:42:41.480 If there's an internet connection, maybe to a server 00:42:41.480 --> 00:42:43.130 that the adversary controls. 00:42:43.130 --> 00:42:46.010 Now, what's the implication of this key logging threat? 00:42:46.010 --> 00:42:49.222 Well, if you're typing in your username, that's not such a big 00:42:49.222 --> 00:42:50.680 because those are generally public. 00:42:50.680 --> 00:42:53.010 But if you're typing in your password, and that's 00:42:53.010 --> 00:42:55.470 being automatically uploaded to the adversary's server, 00:42:55.470 --> 00:42:57.750 now they know your username and your password. 00:42:57.750 --> 00:43:00.930 Worse, if the adversary also sees you typing 00:43:00.930 --> 00:43:04.440 in that six-digit code, your one-time password 00:43:04.440 --> 00:43:07.470 that you might have received even from your phone or some other device, 00:43:07.470 --> 00:43:11.040 if they are fast enough and smart enough and figure out 00:43:11.040 --> 00:43:15.720 how to log what you're typing, send it to the server, perhaps even before you 00:43:15.720 --> 00:43:19.800 yourself hit Enter, maybe they can use not only your username 00:43:19.800 --> 00:43:23.160 and your password, but even that one-time password 00:43:23.160 --> 00:43:28.170 by pretending to be on their own phone or their own laptop or desktop, 00:43:28.170 --> 00:43:31.350 typing in or more realistically, automatically 00:43:31.350 --> 00:43:34.170 through software typing in those same values 00:43:34.170 --> 00:43:39.760 and accessing your account even before you had a chance to do so as well. 00:43:39.760 --> 00:43:42.690 Now what are the defenses against that particular threat? 00:43:42.690 --> 00:43:47.400 Really just to be generally paranoid about what computers you yourself use. 00:43:47.400 --> 00:43:50.530 For instance, nowadays I will rarely, if ever, 00:43:50.530 --> 00:43:55.480 actually use an internet cafe's computer or even a lab computer 00:43:55.480 --> 00:43:58.780 here on Harvard's campus, or frankly, even a friend's computer 00:43:58.780 --> 00:44:03.100 because I don't know just how safe they are when it comes to best practices 00:44:03.100 --> 00:44:05.150 using their device on the internet. 00:44:05.150 --> 00:44:08.260 I will in general only log into websites and apps 00:44:08.260 --> 00:44:12.370 on my own personal devices, which isn't to say that I, too, am perfect, 00:44:12.370 --> 00:44:15.520 but rather at least I'm reducing the probability 00:44:15.520 --> 00:44:20.290 that I lose control over my data by using some other device that I myself 00:44:20.290 --> 00:44:24.010 don't oversee by that person, that owner, 00:44:24.010 --> 00:44:26.920 not themselves adhering to best practices. 00:44:26.920 --> 00:44:30.700 Now, even then, I will admit, that using key logging 00:44:30.700 --> 00:44:33.010 and getting it up to an adversary's server 00:44:33.010 --> 00:44:38.320 and inputting it faster than you might is a pretty sophisticated and difficult 00:44:38.320 --> 00:44:38.860 threat. 00:44:38.860 --> 00:44:43.900 But it's worth keeping in mind and realizing that these are certainly 00:44:43.900 --> 00:44:46.000 theoretical attacks. 00:44:46.000 --> 00:44:48.790 And if you yourself are targeted for some reason, 00:44:48.790 --> 00:44:51.680 these are absolutely things you should be mindful of. 00:44:51.680 --> 00:44:55.450 So in general, if you have the luxury of only using your own device 00:44:55.450 --> 00:45:01.720 and not some shared device that, too, tends to be best practice, I would say. 00:45:01.720 --> 00:45:05.860 Any questions on these here attacks? 00:45:05.860 --> 00:45:08.110 AUDIENCE: Regarding using long passwords, 00:45:08.110 --> 00:45:13.600 do you recommend using Google passwords or Apple passwords for the system 00:45:13.600 --> 00:45:15.400 to remember the passwords for us? 00:45:15.400 --> 00:45:16.900 DAVID MALAN: A really good question. 00:45:16.900 --> 00:45:18.608 Short answer, yes, but we'll come to that 00:45:18.608 --> 00:45:20.390 in more detail in just a few minutes. 00:45:20.390 --> 00:45:23.598 So what are other attacks that we should be mindful of? 00:45:23.598 --> 00:45:26.140 So this one has kind of a funny name, but there's this attack 00:45:26.140 --> 00:45:27.970 known as credential stuffing. 00:45:27.970 --> 00:45:32.830 And we've come across reference to this already in this discussion thus far. 00:45:32.830 --> 00:45:35.710 Credential stuffing-- a credential is something like a username 00:45:35.710 --> 00:45:39.490 and password-- refers to the process of an adversary 00:45:39.490 --> 00:45:43.210 having found a whole bunch of usernames and passwords, maybe online, 00:45:43.210 --> 00:45:45.580 maybe in some database that they or someone else 00:45:45.580 --> 00:45:48.520 attacked and posted for the whole world to download. 00:45:48.520 --> 00:45:53.380 Credential stuffing means not using dictionaries, not using brute force, 00:45:53.380 --> 00:45:57.950 but just literally using a list of already known usernames and passwords, 00:45:57.950 --> 00:46:00.430 maybe from some other application or website, 00:46:00.430 --> 00:46:03.490 to try to stuff them into a different website 00:46:03.490 --> 00:46:07.420 to see if, well, maybe if David's using this username and password over here, 00:46:07.420 --> 00:46:10.420 with high probability, he's probably using the same username 00:46:10.420 --> 00:46:11.750 and password over here. 00:46:11.750 --> 00:46:15.400 So credential stuffing is the threat that, I daresay, many of you 00:46:15.400 --> 00:46:16.600 are vulnerable to. 00:46:16.600 --> 00:46:19.670 Now, you don't need to raise your hands and admit to this right now. 00:46:19.670 --> 00:46:23.740 But if you are using the same username and the same password 00:46:23.740 --> 00:46:28.390 on 2 websites, 3 websites, 30 websites, all 00:46:28.390 --> 00:46:31.630 websites you are today vulnerable to this attack. 00:46:31.630 --> 00:46:34.900 To be clear, if any one of those websites or apps 00:46:34.900 --> 00:46:39.220 is compromised by some adversary and they figure out all of the usernames 00:46:39.220 --> 00:46:42.520 and passwords on that system, what a smart adversary is going to do now 00:46:42.520 --> 00:46:44.840 is to try that same username and password, 00:46:44.840 --> 00:46:49.900 they found for you on Amazon, on Gmail, on any other website or app 00:46:49.900 --> 00:46:53.530 that you with high probability might be using just because those services are 00:46:53.530 --> 00:46:54.220 popular. 00:46:54.220 --> 00:46:55.780 So what's the takeaway? 00:46:55.780 --> 00:47:00.103 Ideally, if you want to be immune to this kind of credential stuffing 00:47:00.103 --> 00:47:02.770 attack, where someone takes your credentials over here and tries 00:47:02.770 --> 00:47:05.380 to stuff them into these other services over here, 00:47:05.380 --> 00:47:09.760 you have to use different credentials on each and every website, 00:47:09.760 --> 00:47:10.900 on each and every app. 00:47:10.900 --> 00:47:16.720 You cannot, should not be reusing the same password on multiple websites 00:47:16.720 --> 00:47:17.320 or apps. 00:47:17.320 --> 00:47:18.040 Username? 00:47:18.040 --> 00:47:20.300 Yes, especially if it's your email address. 00:47:20.300 --> 00:47:21.640 But passwords, no. 00:47:21.640 --> 00:47:23.630 Now, this is admittedly easier said than done. 00:47:23.630 --> 00:47:27.790 So we'll see soon how we can try to achieve this, avoiding credential 00:47:27.790 --> 00:47:30.820 stuffing by having unique passwords, by at least having some help 00:47:30.820 --> 00:47:32.740 when it comes to managing the same. 00:47:32.740 --> 00:47:35.620 But there's another attack too that's come up indirectly here 00:47:35.620 --> 00:47:38.420 already known as social engineering. 00:47:38.420 --> 00:47:42.880 Social engineering isn't a technical attack per se, but rather 00:47:42.880 --> 00:47:45.580 a social one, an attack among humans. 00:47:45.580 --> 00:47:47.930 For instance, let me go ahead and suggest the following. 00:47:47.930 --> 00:47:51.820 If you have a piece of paper near you and a pen or pencil, 00:47:51.820 --> 00:47:54.640 go ahead and write down, if you could, on that piece 00:47:54.640 --> 00:47:57.160 of paper one of your passwords. 00:47:57.160 --> 00:47:59.210 Any of them is fine. 00:47:59.210 --> 00:48:02.650 Just go ahead on this piece of paper in front of you 00:48:02.650 --> 00:48:06.490 and write down one of your passwords, including 00:48:06.490 --> 00:48:11.810 any letters or digits or punctuation. 00:48:11.810 --> 00:48:14.870 Now, I'm seeing in the chat some resistance. 00:48:14.870 --> 00:48:17.420 I'm seeing some heads down though and some scribbling, 00:48:17.420 --> 00:48:18.890 which is exactly the point. 00:48:18.890 --> 00:48:22.580 Why would you take my suggestion and write down your password 00:48:22.580 --> 00:48:25.580 on a piece of paper, even though I'm presumably 00:48:25.580 --> 00:48:28.370 someone you should trust in a cybersecurity class? 00:48:28.370 --> 00:48:31.010 Those of you who reached for a pen or pencil, just 00:48:31.010 --> 00:48:33.200 wrote down one of your passwords on a sheet 00:48:33.200 --> 00:48:37.850 of paper were just socially engineered because a circumstance was created 00:48:37.850 --> 00:48:41.540 where you believed or trusted the person that was asking or telling 00:48:41.540 --> 00:48:43.910 you to do something, and you took at face value 00:48:43.910 --> 00:48:45.650 that you should do that thing. 00:48:45.650 --> 00:48:49.520 Moving forward, if any teacher ever asks you to write down 00:48:49.520 --> 00:48:54.530 a password on a piece of paper, one takeaway for today is just don't do it. 00:48:54.530 --> 00:48:56.300 That would be social engineering. 00:48:56.300 --> 00:49:00.350 And in general, if someone calls you on the phone, sends you an email 00:49:00.350 --> 00:49:05.600 and tries to get information from you, even if it seems and sounds legitimate, 00:49:05.600 --> 00:49:08.360 moving forward after today, especially, should always 00:49:08.360 --> 00:49:12.510 have a healthy skepticism, if not just enough paranoia 00:49:12.510 --> 00:49:15.750 to be healthy in the interests of protecting your account. 00:49:15.750 --> 00:49:17.970 Moving forward, if you had someone ask you 00:49:17.970 --> 00:49:20.160 something like that or even a little more nefarious, 00:49:20.160 --> 00:49:23.250 trying to figure out what your first pet was 00:49:23.250 --> 00:49:26.880 or something should kind of perk your ears up. 00:49:26.880 --> 00:49:30.300 Your Spidey senses should go up, so to speak, in the context of Spider-Man. 00:49:30.300 --> 00:49:34.470 And you should wonder, wait a minute, why do they need that information? 00:49:34.470 --> 00:49:38.730 Let me see how this plays out before I share anything about myself. 00:49:38.730 --> 00:49:41.380 And indeed, if you were, bless your hearts. 00:49:41.380 --> 00:49:44.800 But if you did jot down your password with a pen or pencil, 00:49:44.800 --> 00:49:47.850 remember that feeling of being duped because you do not 00:49:47.850 --> 00:49:50.100 want that to happen when it actually matters. 00:49:50.100 --> 00:49:52.890 Now, after this, now, I know you'll believe nothing I say. 00:49:52.890 --> 00:49:56.490 But go shred or tear up or flush whatever piece of paper 00:49:56.490 --> 00:49:57.730 has that password on it. 00:49:57.730 --> 00:49:59.460 The point is not to share it with anyone, 00:49:59.460 --> 00:50:01.870 just to prove that particular point. 00:50:01.870 --> 00:50:05.520 Now, beyond social engineering, there's another threat 00:50:05.520 --> 00:50:08.425 that's a variant of that, but is more technical in nature. 00:50:08.425 --> 00:50:09.300 And that is phishing. 00:50:09.300 --> 00:50:12.900 And most of you probably have heard about phishing in this context. 00:50:12.900 --> 00:50:15.900 And you can think about it sort of physically like going fishing, 00:50:15.900 --> 00:50:19.830 but trying to hook a sucker, someone like me or you who is duped 00:50:19.830 --> 00:50:22.470 into providing information that they shouldn't. 00:50:22.470 --> 00:50:24.600 And this very often happens via emails. 00:50:24.600 --> 00:50:26.970 Odds are, if you go through your spam folder sometime, 00:50:26.970 --> 00:50:31.260 you will see emails that seem to be coming from paypal.com 00:50:31.260 --> 00:50:35.610 or seem to be coming from Google or maybe a politician or the like. 00:50:35.610 --> 00:50:40.080 And very often those emails are encouraging you to click a link 00:50:40.080 --> 00:50:44.790 and maybe make a donation, click a link, maybe change your password, 00:50:44.790 --> 00:50:48.270 click a link, and verify your information. 00:50:48.270 --> 00:50:51.660 Phishing is all about trying to use social engineering, 00:50:51.660 --> 00:50:54.810 in this case in a technical way, to try to convince you 00:50:54.810 --> 00:50:58.320 through very convincing looking emails and even websites that it 00:50:58.320 --> 00:51:01.440 is a legitimate email from paypal.com or it 00:51:01.440 --> 00:51:05.130 is a legitimate email from a politician or it is a legitimate email 00:51:05.130 --> 00:51:07.410 or request from a teacher here at Harvard. 00:51:07.410 --> 00:51:08.430 But it's not. 00:51:08.430 --> 00:51:10.920 What they're trying to do, the adversaries in this case, 00:51:10.920 --> 00:51:15.690 are prey on your trust for those certain companies or persons. 00:51:15.690 --> 00:51:21.090 They're trying to prey on your comfort with familiar user interfaces, things 00:51:21.090 --> 00:51:22.410 that you've seen before. 00:51:22.410 --> 00:51:26.040 But unfortunately, it's all too easy for an adversary 00:51:26.040 --> 00:51:29.940 to make a very official-looking email, to make a very legitimate-looking 00:51:29.940 --> 00:51:33.570 website, even one that looks identical to paypal.com, 00:51:33.570 --> 00:51:36.210 identical to Gmail or other services. 00:51:36.210 --> 00:51:38.535 And frankly, if you take some of CS50's other courses, 00:51:38.535 --> 00:51:43.260 it kind of boils down to copy and paste in the simplest of scenarios, 00:51:43.260 --> 00:51:45.510 just copying and pasting some legitimate website 00:51:45.510 --> 00:51:47.550 and pretending that you own it too. 00:51:47.550 --> 00:51:50.260 So how might phishing manifest itself in the real world? 00:51:50.260 --> 00:51:52.540 Well, consider one of those social media posts 00:51:52.540 --> 00:51:56.310 online that tend to invite you to comment with your favorite song 00:51:56.310 --> 00:51:57.330 from childhood. 00:51:57.330 --> 00:51:59.730 Sometimes those posts have a million responses 00:51:59.730 --> 00:52:01.740 from people you know and don't even know. 00:52:01.740 --> 00:52:05.340 But more than being interested in what your childhood favorite song was, 00:52:05.340 --> 00:52:09.240 those posts are very often phishing for personal information 00:52:09.240 --> 00:52:12.540 because suppose that you, or at least someone among those comments 00:52:12.540 --> 00:52:16.350 is actually using their favorite childhood song as their answer 00:52:16.350 --> 00:52:18.540 to some website or app secret question. 00:52:18.540 --> 00:52:21.570 Now the author of that post, not to mention everyone else, 00:52:21.570 --> 00:52:24.280 knows the answer to the same. 00:52:24.280 --> 00:52:27.450 So how else might phishing manifest itself in the real world? 00:52:27.450 --> 00:52:29.790 If you were to visit a screen later today that 00:52:29.790 --> 00:52:32.370 looks a little something like this, well, this 00:52:32.370 --> 00:52:36.780 looks like Gmail's login page, at least here in the US when using English. 00:52:36.780 --> 00:52:38.940 And frankly, I've seen this so many times 00:52:38.940 --> 00:52:42.240 that I might be inclined to just blindly type into the form 00:52:42.240 --> 00:52:46.230 my email address and then after that probably my password. 00:52:46.230 --> 00:52:50.370 But it's important to begin to develop an intuition or a suspicion 00:52:50.370 --> 00:52:54.690 for when and when these sites might not be legitimate. 00:52:54.690 --> 00:52:55.840 How might you do that? 00:52:55.840 --> 00:52:58.410 Well, you should minimally be looking at the URL bar 00:52:58.410 --> 00:53:03.600 and making sure that it is gmail.com or probably google.com 00:53:03.600 --> 00:53:06.210 or whatever google dot country code, depending 00:53:06.210 --> 00:53:09.630 on where you live in the world, making sure that it looks legitimate 00:53:09.630 --> 00:53:11.790 and that you've actually been there before for. 00:53:11.790 --> 00:53:15.000 When you hover over links, you can very commonly in your browser 00:53:15.000 --> 00:53:18.460 look at the bottom, left-hand corner or some corner of your screen. 00:53:18.460 --> 00:53:22.830 And you can see what URL a link will actually take you to. 00:53:22.830 --> 00:53:25.710 Even though the words on the screen might say something, 00:53:25.710 --> 00:53:28.380 the actual link might take you somewhere else. 00:53:28.380 --> 00:53:32.020 Now, even then, it's hard sometimes to discern these kinds of things. 00:53:32.020 --> 00:53:35.220 But these are just best practices. 00:53:35.220 --> 00:53:38.520 You don't need to be so worried that you don't go anywhere on the internet. 00:53:38.520 --> 00:53:41.410 But you should learn to keep an eye out for these kinds of things. 00:53:41.410 --> 00:53:45.280 And in general, with phishing, rather than trust any link in an email 00:53:45.280 --> 00:53:47.280 that you receive, especially when it's something 00:53:47.280 --> 00:53:50.940 private like a bank account, something medical, something personal, 00:53:50.940 --> 00:53:51.810 well, that's fine. 00:53:51.810 --> 00:53:55.620 Open a new tab and manually go to paypal.com, 00:53:55.620 --> 00:53:58.830 Enter, or manually go to gmail.com, Enter. 00:53:58.830 --> 00:54:00.840 Don't just blindly trust these links. 00:54:00.840 --> 00:54:04.570 Now, here again, we see a trade off between usability and security. 00:54:04.570 --> 00:54:07.290 It's a little annoying if I can't just click on a link 00:54:07.290 --> 00:54:09.030 and go to the place I want to go. 00:54:09.030 --> 00:54:12.890 You have to manually open the page, type it in manually, and so forth. 00:54:12.890 --> 00:54:15.460 But again, it depends on what's now more important to you, 00:54:15.460 --> 00:54:21.910 the usability of that service or the security of your account therein. 00:54:21.910 --> 00:54:25.420 This is even more worrisome when it comes to two-step verification. 00:54:25.420 --> 00:54:27.670 And Google takes some liberties with the wording here. 00:54:27.670 --> 00:54:31.120 This is usually best described as two-factor authentication. 00:54:31.120 --> 00:54:33.790 But again, the most sophisticated of adversaries, 00:54:33.790 --> 00:54:37.270 theoretically, if they sent you a phishing email, 00:54:37.270 --> 00:54:41.560 tricked you into a visiting a website that looks like Gmail but is not Gmail. 00:54:41.560 --> 00:54:46.540 They could theoretically even prompt you for a two-factor code like this. 00:54:46.540 --> 00:54:48.940 And then if they're smart and savvy enough with code, 00:54:48.940 --> 00:54:52.240 they could automatically now send your username, your password, 00:54:52.240 --> 00:54:57.700 and a two-factor code maybe to the real gmail.com, log into your account, 00:54:57.700 --> 00:55:01.787 change your password before you even get up and running therein. 00:55:01.787 --> 00:55:04.120 It's a more sophisticated threat, and it's not something 00:55:04.120 --> 00:55:05.530 you need to worry about as much. 00:55:05.530 --> 00:55:10.600 But it's this principle of not just trusting screens and requests that 00:55:10.600 --> 00:55:12.010 are presented in front of you. 00:55:12.010 --> 00:55:15.370 You should have this healthy skepticism and at least some technical savvy 00:55:15.370 --> 00:55:18.190 to know how you can decide for yourself, yes, I 00:55:18.190 --> 00:55:21.530 am comfortable with proceeding with this step. 00:55:21.530 --> 00:55:24.940 Now, there's another type of attack, too, that's more sophisticated 00:55:24.940 --> 00:55:28.940 and not one you need to worry about as frequently as some of the earlier ones. 00:55:28.940 --> 00:55:32.290 But they're generally known as a machine-in-the-middle attack. 00:55:32.290 --> 00:55:35.590 Whereby, if you're on the internet, there are, suffice it to say, 00:55:35.590 --> 00:55:40.090 many other machines on the internet, very often, between you and whatever 00:55:40.090 --> 00:55:42.310 website or app you're visiting. 00:55:42.310 --> 00:55:45.190 Often those machines might be things like routers, 00:55:45.190 --> 00:55:48.910 servers that internet service providers companies, universities, 00:55:48.910 --> 00:55:51.460 maybe even your own home owns and controls. 00:55:51.460 --> 00:55:54.460 But all of your data is passing through those machines 00:55:54.460 --> 00:55:55.930 in the middle, so to speak. 00:55:55.930 --> 00:55:59.920 If any of them are malicious and are maybe storing your data, 00:55:59.920 --> 00:56:03.160 looking at your data, it's possible that you might not 00:56:03.160 --> 00:56:06.040 be having secure communications with the other end 00:56:06.040 --> 00:56:08.410 unless you are using certain defenses. 00:56:08.410 --> 00:56:10.810 And in our focus in this class on data, we'll 00:56:10.810 --> 00:56:14.460 talk about cryptography and encryption and building blocks 00:56:14.460 --> 00:56:16.680 via which we can mitigate attacks like these. 00:56:16.680 --> 00:56:18.810 But it's worth knowing about this general idea 00:56:18.810 --> 00:56:22.770 that even though it feels like it's only you and amazon.com, 00:56:22.770 --> 00:56:26.490 it's only you and paypal.com, it's only you and WhatsApp, 00:56:26.490 --> 00:56:29.680 there are many other machines in the middle. 00:56:29.680 --> 00:56:32.280 And if you're not using the best practices, 00:56:32.280 --> 00:56:35.310 and if you're not keeping an eye out for those things, suspicious 00:56:35.310 --> 00:56:39.120 those machines in the middle might actually be there to attack you, 00:56:39.120 --> 00:56:45.910 to take your data, to access your accounts or something more as well. 00:56:45.910 --> 00:56:48.198 So there's a lot of attacks out there. 00:56:48.198 --> 00:56:50.490 And at this point, you might be feeling a bit defeated. 00:56:50.490 --> 00:56:53.880 But hopefully, we've presented at least enough defenses thus far, 00:56:53.880 --> 00:56:55.680 and there are still a few more to come. 00:56:55.680 --> 00:56:59.430 But let's consider now kind of the source of a lot of these problems. 00:56:59.430 --> 00:57:02.280 Unfortunately, it's you, and it's me. 00:57:02.280 --> 00:57:05.040 Like, the whole story here today started with you 00:57:05.040 --> 00:57:07.140 and I are not very good at choosing passwords. 00:57:07.140 --> 00:57:10.860 And we generally meet the minimal requirements, not necessarily 00:57:10.860 --> 00:57:12.280 the best practices. 00:57:12.280 --> 00:57:14.940 But again, there's these sociological side effects 00:57:14.940 --> 00:57:18.450 of certain corporate policies or technical policies 00:57:18.450 --> 00:57:22.140 that do induce this trade off between security and usability. 00:57:22.140 --> 00:57:25.420 And it's one thing for me to preach here, so to speak, 00:57:25.420 --> 00:57:29.220 and say, yes, you should use long, complicated passwords that are really 00:57:29.220 --> 00:57:35.190 hard to guess with letters and digits and punctuation still, maybe even 64 00:57:35.190 --> 00:57:39.450 characters if you want to be really secure, even if it's a longer phrase. 00:57:39.450 --> 00:57:43.380 But honestly, there are also these pressures on me not doing that. 00:57:43.380 --> 00:57:46.200 It's annoying to type in 64 characters. 00:57:46.200 --> 00:57:48.780 It's annoying to type in eight characters if a lot of them 00:57:48.780 --> 00:57:51.720 require uppercase, lowercase, punctuation, and the like. 00:57:51.720 --> 00:57:56.580 And honestly, I have dozens, I have hundreds, maybe thousands of accounts 00:57:56.580 --> 00:57:59.550 nowadays on the internet that have accumulated over time. 00:57:59.550 --> 00:58:02.880 What am I going to do if it just gets difficult to remember these things? 00:58:02.880 --> 00:58:07.740 Well, like you yourself might in your company, you might walk by their desk 00:58:07.740 --> 00:58:11.840 and see on their monitor, the familiar yellow post-it note with one or more 00:58:11.840 --> 00:58:13.280 of their passwords actually on it. 00:58:13.280 --> 00:58:16.880 Maybe worse, you open their desk drawer, and there's a whole printout 00:58:16.880 --> 00:58:18.590 of all of their username and passwords. 00:58:18.590 --> 00:58:23.550 Or even beyond that, maybe they actually have a text file or an Excel file, 00:58:23.550 --> 00:58:26.510 a CSV file on their computer thinking, well, at least it's all digital. 00:58:26.510 --> 00:58:28.940 But it's just sitting there on their desktop. 00:58:28.940 --> 00:58:32.930 And worse maybe it's called passwords.txt or the like. 00:58:32.930 --> 00:58:35.330 But that's a very real side effect of having 00:58:35.330 --> 00:58:39.270 policies and technical constraints that make it harder to use systems. 00:58:39.270 --> 00:58:42.350 So what are some other defenses that either you can use 00:58:42.350 --> 00:58:45.660 or maybe companies can use or offer to make things better? 00:58:45.660 --> 00:58:47.990 Well, a solution to some of these problems 00:58:47.990 --> 00:58:50.990 might be this, Single Sign On, or SSO. 00:58:50.990 --> 00:58:55.070 So single sign on refers to an ability to sign up for, 00:58:55.070 --> 00:58:59.300 to log in to one's website using an account that you already 00:58:59.300 --> 00:59:00.890 have on another website. 00:59:00.890 --> 00:59:04.020 And very often the account that you use is one of the big ones, 00:59:04.020 --> 00:59:06.630 one of the popular websites or applications out there. 00:59:06.630 --> 00:59:09.860 So for instance, if you log in to this representative website 00:59:09.860 --> 00:59:12.930 here, what you might see is, yes, a form field 00:59:12.930 --> 00:59:16.860 via which you can type in your own email address and your password to log in. 00:59:16.860 --> 00:59:20.070 Or if you prefer, you can just log in with Google, 00:59:20.070 --> 00:59:22.350 or you can just log in with Facebook, or you can just 00:59:22.350 --> 00:59:26.680 log in with any number of other services if this website or application supports 00:59:26.680 --> 00:59:27.180 it. 00:59:27.180 --> 00:59:28.720 Now, what's the motivation here? 00:59:28.720 --> 00:59:31.420 Well, one, it's still backwards compatible, 00:59:31.420 --> 00:59:34.320 so to speak, with the very familiar approach of just let 00:59:34.320 --> 00:59:36.240 me register with my own email address. 00:59:36.240 --> 00:59:38.190 Let me come up with my own password and be 00:59:38.190 --> 00:59:42.480 done with it, especially if I don't use Google or Facebook as a customer. 00:59:42.480 --> 00:59:45.360 But the upside of offering these solutions, especially 00:59:45.360 --> 00:59:48.990 for popular websites like Google and Facebook and others, 00:59:48.990 --> 00:59:53.040 is that if I already have an account with Google or Facebook, 00:59:53.040 --> 00:59:56.138 and hopefully I already have a good password for both 00:59:56.138 --> 00:59:57.930 of those because those are important to me, 00:59:57.930 --> 01:00:01.710 and better yet, I ideally have two-factor authentication enabled 01:00:01.710 --> 01:00:05.460 on one or both of those, because again they're important accounts to me, 01:00:05.460 --> 01:00:09.090 wouldn't it be nice for this new website to let me, one, 01:00:09.090 --> 01:00:11.850 just log in with my existing account so that I 01:00:11.850 --> 01:00:15.300 don't have to waste time signing up for yet another internet account? 01:00:15.300 --> 01:00:18.660 Two, I don't have to remember a new password that's 01:00:18.660 --> 01:00:20.740 going to be difficult to remember and so forth. 01:00:20.740 --> 01:00:22.830 And so it decreases friction. 01:00:22.830 --> 01:00:25.350 It increases usability of the system. 01:00:25.350 --> 01:00:29.680 And ideally, it increases the security of the system in this case as well. 01:00:29.680 --> 01:00:30.180 Why? 01:00:30.180 --> 01:00:33.420 Because if you're doing a good job protecting at least these most 01:00:33.420 --> 01:00:36.150 important personal accounts, then this website 01:00:36.150 --> 01:00:39.900 stands to benefit from those same best practices on your part. 01:00:39.900 --> 01:00:41.700 Now, what is actually happening here? 01:00:41.700 --> 01:00:44.370 When you click Log in with Google, Log in with Facebook, 01:00:44.370 --> 01:00:48.660 you should see the Google login screen or the Facebook login screen 01:00:48.660 --> 01:00:49.380 respectively. 01:00:49.380 --> 01:00:53.370 You should literally be redirected in your browser to google.com 01:00:53.370 --> 01:00:58.140 or facebook.com or one of their international domain names instead. 01:00:58.140 --> 01:01:01.230 There, you'll type in your same username and password 01:01:01.230 --> 01:01:02.970 as usual for Google or Facebook. 01:01:02.970 --> 01:01:09.030 But that password is not given to this new website or this third-party website 01:01:09.030 --> 01:01:11.280 you're visiting, rather using a technique 01:01:11.280 --> 01:01:15.330 known as cryptography and encryption and some fancy math, essentially. 01:01:15.330 --> 01:01:19.680 The username with which you log in is sent back 01:01:19.680 --> 01:01:23.040 to this third-party website, but not your password, just 01:01:23.040 --> 01:01:26.730 a confirmation that yes, David's successfully logged into Google, 01:01:26.730 --> 01:01:28.830 or David successfully logged into Facebook. 01:01:28.830 --> 01:01:33.930 Therefore you can trust that his username is malan@harvard.edu, 01:01:33.930 --> 01:01:37.480 or whatever it is I typed in, to log in there. 01:01:37.480 --> 01:01:40.920 So using single sign on benefits not only you 01:01:40.920 --> 01:01:43.620 potentially but also the website or application 01:01:43.620 --> 01:01:49.690 by making it easier for you to register and/or log in subsequently as well. 01:01:49.690 --> 01:01:52.500 Now, where does this leave us ultimately? 01:01:52.500 --> 01:01:54.430 Some of you might already be thinking, well, 01:01:54.430 --> 01:01:56.190 what about using a password manager? 01:01:56.190 --> 01:01:58.860 And some of you might be thinking, what is a password manager? 01:01:58.860 --> 01:02:01.590 So let's emphasize this one perhaps the most. 01:02:01.590 --> 01:02:06.600 Increasingly, best practice is to use a piece of software 01:02:06.600 --> 01:02:08.932 that manages your passwords for you. 01:02:08.932 --> 01:02:11.640 Thankfully, there's going to be an even better solution than this 01:02:11.640 --> 01:02:12.670 on the horizon. 01:02:12.670 --> 01:02:16.390 But for now, minimally, if you're not using a password manager, 01:02:16.390 --> 01:02:17.850 you probably should be. 01:02:17.850 --> 01:02:21.420 If you're using the same password on multiple sites or applications, 01:02:21.420 --> 01:02:23.910 and thus you're vulnerable to credential stuffing, 01:02:23.910 --> 01:02:26.130 you should probably be using a password manager 01:02:26.130 --> 01:02:28.590 instead so that you can change all of those accounts 01:02:28.590 --> 01:02:30.180 to have unique passwords. 01:02:30.180 --> 01:02:32.850 But this piece of software known as a password manager 01:02:32.850 --> 01:02:35.640 can remember those passwords for you. 01:02:35.640 --> 01:02:39.240 If you are in the habit of choosing very easy passwords because it's 01:02:39.240 --> 01:02:41.550 just better for you to remember, you should probably 01:02:41.550 --> 01:02:45.210 start using a password manager because beyond remembering your passwords, 01:02:45.210 --> 01:02:49.260 these password managers also make it easy to generate new passwords. 01:02:49.260 --> 01:02:51.240 You click a button, and essentially it will 01:02:51.240 --> 01:02:54.030 generate a password that's however short or long that you 01:02:54.030 --> 01:02:57.300 want with some uppercase, lowercase, symbols, numbers, 01:02:57.300 --> 01:02:59.280 whatever it is a website requires. 01:02:59.280 --> 01:03:01.230 It will just generate it for you. 01:03:01.230 --> 01:03:05.080 And better yet, it will then save that generated password for you. 01:03:05.080 --> 01:03:06.947 So you the human do not need to memorize it, 01:03:06.947 --> 01:03:09.030 and you the human certainly don't need to write it 01:03:09.030 --> 01:03:12.690 down on a post-it note or any the other file somewhere else. 01:03:12.690 --> 01:03:15.230 So password managers literally do just that. 01:03:15.230 --> 01:03:17.480 And they have even more features than that. 01:03:17.480 --> 01:03:19.880 Generally, if you're using a password manager 01:03:19.880 --> 01:03:23.720 and you go visit a website for the second time or the third time, 01:03:23.720 --> 01:03:27.110 you can typically hit an automatic keystroke that 01:03:27.110 --> 01:03:28.710 will just automatically log you in. 01:03:28.710 --> 01:03:30.710 It will fill in your username and your password. 01:03:30.710 --> 01:03:34.460 But better yet, it will only do so if you're 01:03:34.460 --> 01:03:40.580 on the real gmail.com or the real facebook.com or the real paypal.com. 01:03:40.580 --> 01:03:46.040 These password managers also remember the URL at which you created or last 01:03:46.040 --> 01:03:50.000 used that username and password so that if you are somehow subject 01:03:50.000 --> 01:03:53.725 to a phishing attack-- you've been tricked into clicking a link and going 01:03:53.725 --> 01:03:56.100 to a website that looks like Google looks, like Facebook, 01:03:56.100 --> 01:04:00.530 but actually isn't-- the password manager will ignore your keystrokes 01:04:00.530 --> 01:04:05.450 and not actually log you in, pasting into that form your actual username 01:04:05.450 --> 01:04:08.810 and password because it doesn't recognize that same URL. 01:04:08.810 --> 01:04:12.350 So there are a lot of upsides of these password managers. 01:04:12.350 --> 01:04:20.360 The one catch is that the onus is on you to remember one primary password that 01:04:20.360 --> 01:04:23.330 protects your password manager itself. 01:04:23.330 --> 01:04:25.610 That is to say, if this is a piece of software that 01:04:25.610 --> 01:04:30.350 stores all of the dozens, hundreds, thousands of usernames and passwords 01:04:30.350 --> 01:04:34.010 that you have, you are putting proverbially all of your eggs 01:04:34.010 --> 01:04:36.050 in one basket, so to speak. 01:04:36.050 --> 01:04:41.030 That is you want to protect this password manager with probably the best 01:04:41.030 --> 01:04:43.310 password you've ever come up with. 01:04:43.310 --> 01:04:45.080 This should probably be long. 01:04:45.080 --> 01:04:47.120 It should have some complexity. 01:04:47.120 --> 01:04:49.400 It should be a little annoying perhaps to type 01:04:49.400 --> 01:04:53.090 in because you don't want an adversary to get in and get access 01:04:53.090 --> 01:04:54.260 to everything else. 01:04:54.260 --> 01:04:56.810 But it's just one password that we're really 01:04:56.810 --> 01:05:00.530 asking you to pick really well and reasonably long 01:05:00.530 --> 01:05:03.710 so that you're protecting everything else. 01:05:03.710 --> 01:05:06.950 Now, these password managers are a little different 01:05:06.950 --> 01:05:09.680 than what you're probably familiar with in your own browser. 01:05:09.680 --> 01:05:13.880 It's been common for years for browsers to remember your username and password 01:05:13.880 --> 01:05:17.100 by just showing you, like, bullets like, dot, dot, dot, in the form field. 01:05:17.100 --> 01:05:18.230 So you can just hit Enter. 01:05:18.230 --> 01:05:19.190 That's fine. 01:05:19.190 --> 01:05:23.360 But that information is often associated only with that one browser. 01:05:23.360 --> 01:05:27.620 It doesn't propagate to your phone or another device that you're logged into. 01:05:27.620 --> 01:05:29.448 It's not easy to share it with someone else 01:05:29.448 --> 01:05:32.240 if you have a family account, for instance, or something like that. 01:05:32.240 --> 01:05:36.860 So password managers often offer additional features beyond that 01:05:36.860 --> 01:05:39.800 and really protect all of the things that you're using, 01:05:39.800 --> 01:05:42.260 and also help you generate those same passwords. 01:05:42.260 --> 01:05:46.640 Fortunately, thankfully nowadays, these are increasingly standard. 01:05:46.640 --> 01:05:51.390 There are third-party options that you can find online or even purchase. 01:05:51.390 --> 01:05:54.770 But they're increasingly built into our own operating systems, which 01:05:54.770 --> 01:05:57.530 if I had to choose, especially for a less-technical audience, 01:05:57.530 --> 01:06:01.040 using what comes with your computer from the major manufacturers 01:06:01.040 --> 01:06:04.250 is probably a good thing as opposed to going 01:06:04.250 --> 01:06:07.370 third party unless third parties offer you additional features 01:06:07.370 --> 01:06:11.040 that might be especially beneficial in companies and families or the like. 01:06:11.040 --> 01:06:15.290 So Apple has what they call their iCloud Keychain via which you can not only 01:06:15.290 --> 01:06:19.310 save passwords on one device, they can propagate securely 01:06:19.310 --> 01:06:21.440 to your other device, like your phone. 01:06:21.440 --> 01:06:23.270 Google has its password manager. 01:06:23.270 --> 01:06:25.280 Microsoft has its credential manager. 01:06:25.280 --> 01:06:27.540 And there's certainly other options as well. 01:06:27.540 --> 01:06:29.540 The takeaway for today, though, should be 01:06:29.540 --> 01:06:32.300 that if you're not using a password manager, 01:06:32.300 --> 01:06:37.100 it's probably time to start doing so, at least for your most important accounts, 01:06:37.100 --> 01:06:41.540 maybe things that are particularly personal, medical, financial, anything 01:06:41.540 --> 01:06:45.380 where you or your family would really be upset if that account were somehow 01:06:45.380 --> 01:06:46.160 compromised. 01:06:46.160 --> 01:06:49.670 At least figure out how to start migrating those kinds of accounts 01:06:49.670 --> 01:06:53.750 to a password manager and also enable some of our other best practices, 01:06:53.750 --> 01:06:55.430 like two-factor authentication. 01:06:55.430 --> 01:06:57.890 Better yet, don't just enable two-factor authentication. 01:06:57.890 --> 01:06:59.870 Don't use SMS if you can. 01:06:59.870 --> 01:07:04.580 Instead use like a native application on your phone or even a physical key fob 01:07:04.580 --> 01:07:06.947 just to decrease the probability of those threats. 01:07:06.947 --> 01:07:08.780 And I would encourage you, too, because it's 01:07:08.780 --> 01:07:11.405 one thing to sit in on a class like this and be like, oh, yeah, 01:07:11.405 --> 01:07:12.140 I should do that. 01:07:12.140 --> 01:07:16.340 But then it just feels like so much work to go and change all hundreds 01:07:16.340 --> 01:07:17.930 or thousands of my accounts. 01:07:17.930 --> 01:07:19.310 Again, take baby steps. 01:07:19.310 --> 01:07:22.580 Bite off the easiest, most important accounts first. 01:07:22.580 --> 01:07:26.660 And over time, the next time you log in to that other website, 01:07:26.660 --> 01:07:29.120 OK, go ahead and change the password to something better, 01:07:29.120 --> 01:07:31.400 put it in the password manager, and be done with it. 01:07:31.400 --> 01:07:33.920 The next time you go to another website, do it that one. 01:07:33.920 --> 01:07:37.370 You can do these things incrementally because, again, with this advice, 01:07:37.370 --> 01:07:41.390 I'm just trying to help you personally strike this balance between usability 01:07:41.390 --> 01:07:43.730 and security because if your takeaway is I 01:07:43.730 --> 01:07:46.070 have to go change 1,000 passwords tonight, 01:07:46.070 --> 01:07:48.050 you might not realistically do it. 01:07:48.050 --> 01:07:50.690 So better would be to change a few of them and chip 01:07:50.690 --> 01:07:53.550 away at this problem over time. 01:07:53.550 --> 01:07:57.110 Let me pause here and see if there are any questions. 01:07:57.110 --> 01:08:00.410 AUDIENCE: If a password manager tool is so helpful, so 01:08:00.410 --> 01:08:04.100 why we are using antivirus for websites? 01:08:04.100 --> 01:08:07.665 DAVID MALAN: Oh, so you should certainly be using antivirus for other reasons 01:08:07.665 --> 01:08:09.290 that we'll talk about in another class. 01:08:09.290 --> 01:08:13.230 Viruses, worms, and malware can do any number of bad things, 01:08:13.230 --> 01:08:16.040 including encrypting your data, deleting your data, 01:08:16.040 --> 01:08:17.510 sending spam from your computer. 01:08:17.510 --> 01:08:19.760 There's many reasons you want to run it instead. 01:08:19.760 --> 01:08:23.270 However, if you have malware, like a virus on your computer, 01:08:23.270 --> 01:08:26.840 and it's logging all of your keystrokes, theoretically you 01:08:26.840 --> 01:08:31.100 could still be vulnerable to attack if they are also 01:08:31.100 --> 01:08:34.370 logging your two-factor code maybe because you 01:08:34.370 --> 01:08:37.609 get distracted you don't hit Enter fast enough, and they can use that too. 01:08:37.609 --> 01:08:40.399 It's a lower probability threat. 01:08:40.399 --> 01:08:41.930 It's a theoretical one. 01:08:41.930 --> 01:08:43.727 But also in the interest of best practices, 01:08:43.727 --> 01:08:45.560 you don't want any software on your computer 01:08:45.560 --> 01:08:47.210 that could be doing bad things anyway. 01:08:47.210 --> 01:08:50.390 You just want to raise the bar as much as you can to these adversaries 01:08:50.390 --> 01:08:54.050 without making your own accounts unusable. 01:08:54.050 --> 01:08:54.937 Another question. 01:08:54.937 --> 01:08:55.729 AUDIENCE: Oh, yeah. 01:08:55.729 --> 01:08:58.189 I had a question about social engineering, if that's fine. 01:08:58.189 --> 01:09:02.960 And we know that the rise of the AI technology, now AI 01:09:02.960 --> 01:09:05.279 can record your voice and sample it. 01:09:05.279 --> 01:09:08.450 And that could be a real threat in social engineering 01:09:08.450 --> 01:09:11.310 because now someone can mimic your boss and call you 01:09:11.310 --> 01:09:13.770 or someone can mimic your voice and call your bank. 01:09:13.770 --> 01:09:15.450 So is there a way to combat this? 01:09:15.450 --> 01:09:18.529 Or is there any technology to prevent this from happening? 01:09:18.529 --> 01:09:21.029 DAVID MALAN: That's a really good question and another piece 01:09:21.029 --> 01:09:22.560 of advice I should reflect back. 01:09:22.560 --> 01:09:25.410 If on any of your accounts, particularly bank accounts, 01:09:25.410 --> 01:09:28.770 you are using voice recognition technology, whereby 01:09:28.770 --> 01:09:30.810 when you set up the account, you were prompted 01:09:30.810 --> 01:09:34.649 to say a phrase into the phone, for instance, to evoke an old movie 01:09:34.649 --> 01:09:38.040 called Sneakers-- my voice is my password-- you should 01:09:38.040 --> 01:09:40.710 disable those features and stop using them, 01:09:40.710 --> 01:09:45.359 assuming there's an alternative, like two-factor authentication, whereby 01:09:45.359 --> 01:09:48.510 they send you a push notification to an app or the like. 01:09:48.510 --> 01:09:52.529 Reason being, exactly that, is you've probably seen in this age of AI, 01:09:52.529 --> 01:09:56.680 there are technologies called deepfakes whereby you can generate video, 01:09:56.680 --> 01:09:58.380 but also audio of people. 01:09:58.380 --> 01:10:01.560 This is very commonly done for celebrities, for politicians, 01:10:01.560 --> 01:10:03.720 and voices that you see a lot on the internet. 01:10:03.720 --> 01:10:08.340 But it would not be that hard if someone has access to voice recordings of you 01:10:08.340 --> 01:10:11.910 to use some software or some app to generate 01:10:11.910 --> 01:10:16.260 saying, my voice is my password, even though you might not 01:10:16.260 --> 01:10:19.510 have said that since the time you set up the account. 01:10:19.510 --> 01:10:21.580 And so your accounts, too, might be compromised. 01:10:21.580 --> 01:10:27.090 So my own advice there would be don't use voice-based recognition anymore, 01:10:27.090 --> 01:10:31.230 if there's a better alternative available. 01:10:31.230 --> 01:10:32.850 Other questions? 01:10:32.850 --> 01:10:35.760 AUDIENCE: Doesn't having one password manager, 01:10:35.760 --> 01:10:40.320 so figuratively keeping all your keys in one safe, 01:10:40.320 --> 01:10:43.260 defeat the purpose of having different passwords? 01:10:43.260 --> 01:10:49.640 Because if you lose that one key to your key safe, all is gone. 01:10:49.640 --> 01:10:51.390 DAVID MALAN: It's a really good intuition, 01:10:51.390 --> 01:10:53.850 and that's exactly the trade off to think about. 01:10:53.850 --> 01:10:56.070 I would consider in deciding for yourself, 01:10:56.070 --> 01:10:59.070 if you want to take that advice, what the alternative is. 01:10:59.070 --> 01:11:03.090 Because if you're using pretty easy-to-guess passwords everywhere, 01:11:03.090 --> 01:11:06.690 this is probably a net positive to move to a password manager instead. 01:11:06.690 --> 01:11:10.050 If you're reusing the same password on a lot of websites and apps, 01:11:10.050 --> 01:11:15.150 this is probably a net positive to switch to a password manager instead. 01:11:15.150 --> 01:11:19.050 If, however, though, you've actually been a very good internet citizen, 01:11:19.050 --> 01:11:22.185 and you've been choosing hard-to-guess, unique passwords 01:11:22.185 --> 01:11:24.810 for all different sites-- they're not written down on a post-it 01:11:24.810 --> 01:11:27.660 or easily accessible-- then this might be a net negative 01:11:27.660 --> 01:11:30.360 for you to put all of those eggs, so to speak, in one basket, 01:11:30.360 --> 01:11:33.480 thereby making them more vulnerable. 01:11:33.480 --> 01:11:36.540 From experience and from the head nods and admissions 01:11:36.540 --> 01:11:38.320 that we get from students over the years, 01:11:38.320 --> 01:11:41.130 I guess that most of us in this room would 01:11:41.130 --> 01:11:43.980 benefit as a net positive from a password manager. 01:11:43.980 --> 01:11:46.302 But there, too, you should decide for yourself. 01:11:46.302 --> 01:11:48.510 And again, one of our lessons for today is don't just 01:11:48.510 --> 01:11:51.150 believe something some guy on the internet told you. 01:11:51.150 --> 01:11:55.890 Decide for yourself based on these trade offs, these upsides and. downsides. 01:11:55.890 --> 01:11:58.830 Now, password managers are not all upside. 01:11:58.830 --> 01:12:02.730 Indeed, if you lose or forget that primary password, 01:12:02.730 --> 01:12:05.880 you might lose access to all of your other accounts. 01:12:05.880 --> 01:12:08.010 Fortunately, there is an alternative that's 01:12:08.010 --> 01:12:11.640 increasingly available on websites and apps known as passkeys. 01:12:11.640 --> 01:12:14.510 And what's nice about passkeys is that moving forward, 01:12:14.510 --> 01:12:16.960 it will be your Mac, your PC, or your phone 01:12:16.960 --> 01:12:19.750 that generates a passkey for a new website 01:12:19.750 --> 01:12:21.370 or app for which you're registering. 01:12:21.370 --> 01:12:24.280 You yourself don't have to remember what that passkey is, 01:12:24.280 --> 01:12:26.290 and indeed it isn't even just one value. 01:12:26.290 --> 01:12:30.220 Rather it's a pair of values, a private value and a public value, 01:12:30.220 --> 01:12:33.220 that have a mathematical relationship between the two. 01:12:33.220 --> 01:12:35.420 And those two values are used. 01:12:35.420 --> 01:12:39.170 The next time you try to access that website or application, your Mac, 01:12:39.170 --> 01:12:43.060 your PC, or your phone will use those values to automatically authenticate 01:12:43.060 --> 01:12:43.870 you thereafter. 01:12:43.870 --> 01:12:45.940 And better yet those values are synchronized 01:12:45.940 --> 01:12:49.900 as needed across your devices so that you can use your Mac and your PC 01:12:49.900 --> 01:12:52.960 and your phone or any other such devices to authenticate. 01:12:52.960 --> 01:12:55.180 But to better understand these passkeys, we'll 01:12:55.180 --> 01:12:58.700 need to know a little something about the world of cryptography. 01:12:58.700 --> 01:13:02.420 And so for that, we'll wait for our discussion of securing your data. 01:13:02.420 --> 01:13:05.610 So more on that next time.