Cybersecurity Lab: Password Cracking
By Drs. Dave Eargle and Anthony Vance
Part 1: Test Password Security
- Visit the following URL: https://lowe.github.io/tryzxcvbn/
- Try out different passwords to see how strong they are. (DO NOT USE YOUR ACTUAL PASSWORDS, though do try something similar).
Optional: If you want to learn more about password strength estimation, see this video and paper.
Part 2: Check an Account for a Prior Data Breach
- Check to see if one of your online accounts has already been breached.
Visit: https://haveibeenpwned.com. Type in one of your email accounts or usernames to see if it has already been compromised in a data breach. - Next visit: https://haveibeenpwned.com/Passwords
Try out some of your old & outdated passwords to see if they have already been compromised in a data breach. -
Finally, visit: https://haveibeenpwned.com/NotifyMe
Sign up to be notified when one of your accounts is breached in the future. - Question: Was one of your accounts breached? If so, which one(s)? Make sure you note this in your answer sheet submission!
Part 3: Sign-up for Two Factor Authentication
- Visit https://twofactorauth.org and browse through the categories to find an online service that you regularly use (e.g., Gmail, Snapchat, Instagram, Facebook, etc.). Click the box-arrow icon in the “Docs” column to learn how to set two factor authentication for that service. Sign up for 2FA for at least one account.
- Question: Which service did you enable 2FA for?
Part 4: Install and Set up a Password Manager
- If you’re not already using one, set up a password manager. I recommend creating an account with LastPass (free, or premium version $24 per year), or my favorite, 1Password (first six months free for students using this link, $36 per year). See here for a comparison of leading password managers.
- Next, install the browser extension for your password manager (see here for LastPass; see here for 1Password). With the browser extension installed, log into a website for which you have an account. Your password manager will ask to save the password after each login. Do this for three sites.
Part 5: Deliverables
- Please use the following answer sheet to prepare your assignment and then submit a PDF copy of your work. If you fail to use the following answer sheet and submit a PDF, you will not receive credit for completing the assignment.
- Take a screenshot of your password manager showing saved entries for at least three sites you visited and paste them into the provided answer sheet. Also, make sure the screenshot shows your username in the top left- or right-hand corner.
See the following sample screen shot links for reference: LastPass.com example screenshot , 1Password app example screenshot , 1Password.com example screenshot
Submission: You must submit your completed answer sheet via the “SUBMISSION FORM” link listed below to receive credit, no exceptions.
Please use the following answer sheet to prepare your assignment and then submit a PDF copy of your work. If you fail to use the following answer sheet and submit a PDF, you will not receive credit for completing the assignment.
- NOTE: Your PDF submission must follow the following naming convention: Lastname_Firstname_Cybersecuritypdf
Be sure to change your name accordingly!!!
Answer Sheet for Cybersecurity
***Be sure to READ THE SUBMISSION FORM listed below for additional requirements
*** Remember, no late assignments will be accepted!
***Only PDF’s submissions will be accepted.