Ngā Matapakinga | Discussion

    Joanne Roberts
    Email addresses and passwords
    9 December
    Public discussion Created by Joanne Roberts

    I find it frustrating when I have to enter an email address and a password to access an account then I get told one of them is wrong but not which one. It leaves me thinking did I use a different email address for this account? Is it a password that needs a number and a special character or was I able to use my really basic password? I'd like it to be able to tell me just the password is wrong so at least I know I'm using the correct email address. 

    NOTE: You have to be a member of the group in order to reply to a discussion
      • Tim Bell
        By Tim Bell
        May 1

        Great questions! The short answer is that the more helpful the site is, the less secure it is. 

        For example, if I'm trying to break into one of our accounts, I could go to (say) Trademe, and try to log in as 'juliecrossen@gmail.com'. If it says 'email is correct, password is wrong' then I know that there's someone with that email address registered on Trademe, and now I just need to figure out their password. If it just says that one of them is wrong, then it hasn't given me that valuable clue, and I don't know if I should try other names (juliecrossen1, juliecrossen2 and so on), or if I've got a valid account. That slows an attacker down a LOT.

        Digital security is like physical security... my bike would be more convenient for me to unlock if it had a two-digit combination lock, but it would also be easy for someone to steal my bike in a minute or so. If I had a 10 digit lock, they'll never guess it, but I'll also find it a real pain to use. And then they might cut the lock instead, so then I get a heavy chain, but now it weighs more than the bike. We look for a balance between convenience for the user and inconvenience for the unwelcome intruder.

        As for password strength - chances are it is software running in your own web browser that is telling you about the strength of it - the website will have set up a small program in the web browser when you visited the site, and that program counts the number of characters and digits, and reacts each time you type.

        And you definitely don't want to use the same password on multiple sites. I know it's a huge pain, but if you go to https://haveibeenpwned.com/ and type in your email address (it's safe to do but be prepared for alarming results), it will tell you of any websites that have been hacked and potentially revealed information about you, especially passwords. My university account shows 9 websites that were hacked where my information is stored. I can sleep at night because I know I use a different password for every site, so it won't be much use if they know what it is for the site that was hacked, although that single hack might be a worry enough). If I used the same password for one of those sites as, say, my bank, then it could be very costly as lots of people could now know my one favourite password. If it was the same as my Facebook password, my friends might have started getting weird messages from me (or weirder than usual). There are other protections in place, but that's covered in other parts of the DT curriculum (hashing is the main thing that makes your password particularly safe, but that's for when you're looking at cryptography). 

        Computer security is a huge topic, but there are a few thoughts. Usually if something seems like making things difficult, it's to make it REALLY difficult for the bad people.

        And as an aside, none of this directly relates to the topic of this section (error correction), which is about making sure your data (whether it's a good or bad password, or your public Facebook posts) is stored and transmitted without anything in it being altered by accident. But then, everything in computing ends being connected in some way! And counting the number of digits and letters in a password is a great programming challenge for students... just don't give them your personal password to try it on!

        • Joanne Roberts
          By Joanne Roberts
          May 1

          That is a great question Julie Crossen! I don't know, I'm passing this one on to Tim Bell. I'll get back to you with his response. 

          • Julie Crossen
            By Julie Crossen
            May 1

            I agree - that is a really common thing. I also like the 'hint' option given in some programmes which makes it easier to remember which log in I am supposed to be using. Question if a computer programme can tell me my password is weak -is that because it can read it or is it something to do with it identifying the types of characters used?

          Latest news
          • Kia Takatū ā-Matihiko rauemi
            Run your mouse around and see what you can find!
          • Announcing: Neke nuku Māui Challenge finalist
            Kia ora koutou ma, it's with great pleasure we share the Neke nuku challenge finalists (in no particular order) for 2020. Very soon the winners in each of the categories will be notified and we'll announce those details as well. Any words of encouragement for our te reo Māori digital...
          • Neke nuku Māui Challenge
            Neke nuku Māui Challenge
            Kia hiwa rā! Kia hiwa rā!   Take the Hangarau Matihiko challenge this te Wiki o te Reo Māori with Kia Takatū ā-Matihiko.   Submissions open. Enter here >       This challenge is for all teachers, kaiako and ākonga to get...
          Event calendar