Authentication

We discussed authentication earlier as a pillar of security, and while there are other forms of authentication, when it comes down to it, passwords account for the vast majority of it. Whether that is good or bad is up for nerds to debate, but it's the way that it is, so let's spend some time learning about passwords.

But before that, let's learn about some famous principles of security design from two people named Saltzer and Schroeder: Security Principles

You're going to see these guys' names a lot, and their "8 Design Principles" are considered required reading by many. I am not having you read the paper they originally introduced them in, as it is quite long, but if you are super interested, you can read part A of this big ole paper. (Not B, it's super boring and academic-y.)

Tasks:

  1. Describe the difference between privacy and security and how they relate to each other.
  2. List Saltzer and Schroeder's 8 Design Principles and describe why each is important in the context of passwords and authentication.
  3. Describe why psychological acceptability is the most important of all of these design principles.