Week 1 - Journal

• Consider possible topics for your research project in this course. What interests you about these topics and why do you think they would be a good fit for the course? Which research methodologies do you think will likely serve you well as you begin your research (experiments, literature review, surveys, etc.)?

A few days ago I discussed how I intend to explore the world of password authentication. Today I will talk about why I chose this specific area if IT to research; why it interests me and how it will bring a lot to the table as my class researches and discusses a wide range of IT related topics.

I have used password authentication since I was introduced to computers, but it only became an interest of mine when I was really starting to get into building pc's and had one of my own to tinker with. As happens to everyone once in a while, there was one event where I forgot the windows login password to a computer I was tinkering with (I probably changed it, then forgot it was changed). Locked out of this machine, I started googling how to reset/remove user account passwords and found the results a bit shocking.

The sheer number of hits, and the variety of methods available to get around locked accounts on Windows systems opened my eyes and I started to question just how secure this specific authentication method was. This piqued my interest in password security and I soon learned that it is possible to reset/remove passwords, extract password hashes, get access to administrator command prompts when locked out, and more. Ever since I have been keeping an eye on interesting developments in the password cracking scene, a field that doesn't disappoint.

Regarding how exploring this will bring value to my class, there are three parts of this field that I think will bring interesting ideas to the table. These are:

• Password hashing and authentication methods: Knowing the technical details about how this process works will help to make the class more aware of its strengths and weaknesses.
• Statistical analysis of password complexity: I intend to offer the class a look into how password authentication plays out in the real world. By looking at existing password lists collected from actual companies through hacking and data breaches we will be able to get a better picture of where we currently stand in ensuring password security.
• Discussion (and possibly demonstration) of current password cracking techniques and software: Knowing how password attacks are made will help to educate everyone on how they can be defeated. Seeing how trivial it can be to crack weak passwords will hopefully make the whole class aware of the problems with password security, hopefully something we can all take forward as we enter into our specific fields in IT.

During this exercise I expect that I will find most of my information through articles and journals online. Because IT security is a high profile field that sees lots of action I expect that finding the information and analysis I need to be fairly easy.