Friday, May 12, 2017

Week 6 - Progress Report

Checking in again at the end of my sixth week of this project, there are a few interesting developments that could be interesting for some of my readers. Of course, the purpose of a progress report is to analyze where you are in relation to where you should be, looking back at the plan I tentatively set during week three. Having my research gathered and for the most part analyzed for its usefulness in the research paper, the next few weeks will be used to form the outline and drafts of the paper while also organizing my thoughts into a presentation that will be delivered towards the end of the quarter.

Having had time to organize most of my thoughts about my topic (password authentication), I have found that there is plenty of scholarly information available in this area, which makes a lot of sense when I consider just how critically important this topic is. This is true not just in the area of user account control, where passwords are used to control and ensure access and resources, but also in how the underlying ideas such as hashing and encryption provide the essential building blocks that the entire internet and global digital economy are built on. I do not think that the seriousness of these technologies can be overstated; they simply must continue to work. This is admittedly straying a bit from my original topic area, so I am mostly storing these ideas away for use in the future (possible senior project?).

Bringing this back around to my research paper, this past week I have spent most of my time on this project looking into password lists and forming my own collection from publicly available lists. This reveals certain trends that are concerning but also predictable, such as how almost no one ever uses special characters if they are not required. Gathering and forming my analyses of these numbers will be an ongoing process for this next week, but I also plan to start the outline/first draft of my paper soon. I intend to break the paper/presentation into a few distinct categories such as the following:
  • intro
  • background information
  • password authentication
    • what it is
    • what it relies on
      • hashing
        • salt
        • cost
      • complexity
      • length
  • password vulnerabilities
    • active attacks
      • brute force
      • dictionary
      • hybrid
    • difficult to remember
    • an analysis of password lists
  • solutions to help cope with the problem
    • password managers
    • creative password creation strategies
    • proper implementation of password authentication
    • 2FA
  • conclusion
This is in no way set in stone yet; my organization will likely change, but I would like to cover all of the above topics to provide a full picture of the current state of password authentication. I do feel on track to meet my initial schedule requirements.
