CS19 : Authenticate


https://docs.google.com/presentation/d/1XwQCrUx_YS9onQn8treLfzeAPApIRjRgLwI3bJHfYL0/preview
A close look at the ways in which we can authenticate users to prove they are who they say they are.

We are learning ...
  • About authentication routines
So that we can ...
  • Understand the roles of standard authentication routines
    - biometric measures (mobile devices)
    - password systems
    - CAPTCHA
  • Write / use simple authentication routines
    - logon with username / password
    - registering accounts

CGP The Revision Guide Page 57, 58
CGP Exam Practice Workbook Page 66, 67

# Get Ready.png

Activity 1
Authentication methods

https://drive.google.com/file/d/0B83yXMOilskaYldOSFJ6dXJqVEk/view?usp=drive_web
Click to enlarge

As the name suggests, authentication allows a computer system to check who you actually are, not just who you say you are. The mail different types of authentication routine are ...
  • CAPTCHA routines which prove you are human;
  • Password systems which rely on only you knowing your secret password;
  • Biometric systems which rely on unique features of your body.

https://drive.google.com/file/d/0B83yXMOilskaTkkyYzZwOTRhVW8/preview
Click to enlarge, and discuss!

Task 1.1 Completely Automated Public Turing tests to tell Computers and Humans Apart (CAPTCHA)
Where we learn how CAPTCHA routines work

Get your headphones on

Watch the video which explains the history of CAPTCHA (very well) ...

I am not a robot (5:18)

Now visit the following demonstration pages (hosted by Google). Neither of these are live CAPTCHA authentication routines - i.e. they are not part of a website sign up process but they demonstrate how the two main types of CAPTCHA routines in use on the Internet today actually work in practise.

https://www.google.com/recaptcha/demo/
Original reCAPTCHA - sorry no link :(

https://www.google.com/recaptcha/api2/demo
Click to visit new noCAPTCHA reCAPTCHA Demo

Demonstrate your understanding

Using a suitable template, write a letter to Zackary which explains how CAPTCHA routines work and whether he should include on his new website.


Task 1.2 Passwords
Where we learn about strong passwords

We have looked at password security before (when we looked at how we keep data safe), so this should be revision. The major issue with passwords is making them difficult to guess.


On your own

Are you using one of the most common passwords?

On your own

Visit my password checker and try out your actual passwords to see if they are strong (don't worry, I'm not collecting them!) Look carefully at the 'minimum requirements' box which explains the feature of a good password.

Demonstrate your understanding

Create a simple poster for Zackary to help him to communicate strong password rules to the parents when he launches the schools new Canteen payment website. You could use some ideas from Google images if you want to ...


Task 1.3 Biometric authentication
Where we learn about the different types of biometric authentication methods

Biometric authentication relies on either your behavioural or physiological qualities to identify you. There are lots of ethical issues surrounding this area.

https://drive.google.com/file/d/0B83yXMOilskaX1Z1NzVpVlZUM3M/preview
Click to open in new window


In your notebooks / on paper

Sketch the diagram above in your notes. Add diagrams to represent the different authentication methods alongside each of the boxes.

As a class / in small groups

Discuss the ethical issues surrounding the use of your behaviour and your physical attributes to identify you. In your discussions, consider ...

https://drive.google.com/file/d/0B83yXMOilskaYnI3dU5kQXhnLVk/preview
Click to engage

Demonstrate your understanding

Create a table in your notes summarising the advantages and disadvantages of biometric authentication methods. Which one would you recommend that Zackary uses for his new canteen system, and why?


Activity 2
Practical authentication routines 

https://drive.google.com/file/d/0B83yXMOilskaNVJJWTFzTEdSQW8/preview
Click to enlarge

A simple logon system

We can use all the super cool file handling skills we learnt in Keeping data safe to implement a login system to only allow users who have an account to enter our program as long as they put in the correct password! Let's go!

Task 2.1 Practical logon system
Where we build a practical logon system in Python


Create a CSV file

You first need to either create or download a CSV file of the users for your system. Remember to make / open this CSV file in Notepad++ rather than a spreadsheet application - it's easier to see the structure.


But wait! "You can see what my password is!" I hear you say.


In a Python script

Type the following code into the script using your favourite Python IDE.

import sys # This is built in to Python
import csv # The csv.py module needs to be in the same folder as this script!

loggedin = False
users = csv.csv2sequence('users.csv')

username = input('Enter username : ')
password = input('Enter password : ')

for user in users:
  if username == user[0] and password == user[1]:
    loggedin = True
    break

if loggedin:
  print('Success - you are logged in as \'{0}\'.'.format(username))
else:
  print('Incorrect username or password.')
  sys.exit()

# Rest of program goes here ...

print('This is the rest of the program ...')

If you can't get the script working (or you are in a rush!) you can download login.py instead. The script uses the CSV library that we met in Keeping Data Safe. If you haven't got this in the same folder as the script, you will need to download another copy. As you can see, this would normally come at the start of a script. The last line in this snippet, sys.exit() will close the script if the username and / or password is incorrect, preventing the rest of the script running. Make sure that you test the script thoroughly.

4dcaf58a.013.png
In that case, I have no sympathy ...

Demonstrate your understanding

Remember that Erma wants you to explain how the script works. Make sure you have printed out a copy of the script for your notebook / folder and add suitable written comments to it in order to explain it's function. Using yEd or another suitable online diagram editor, create a flowchart of the script. 


Registering accounts

Yes, I suppose that you could simply add a new user into the CSV file to 'register' a new user, but how much more fun is it to implement a script to do it!

Task 2.2 Practical registration system
Where we build a user account registration system in Python


Check your CSV file

Firstly, make sure you have got a suitable CSV file with your users listed (HINT : you used one in the last task).

In a Python script

Using your favourite Python IDE, create the following script. No help this time, you've got to type it in, including the comments - don't be lazy and copy and paste, reading the script and the comments will help you understand how this works ...

import csv                                             # Needed to read/write the user file

USERSFILE = 'users.csv'                                # We've used a constant here!

users = csv.csv2sequence(USERSFILE)                    # Read the users file into a list

firstname = input('Enter first name           : ')
surname   = input('Enter surname              : ')
birthyear = input('Enter birthyear (4 digits) : ')

valid = False                                          # Assume the new username is not valid
while not valid:                                       # Keep going ...
  username  = input('Select username            : ')   # Ask for a username
  clash = False                                        # Assume I have no clash
  for user in users:                                   # Check each user in the user file
    if username == user[0]:                            # Is the username already in use?
      print('Username already in use - try again')     # Friendly message :)
      clash = True                                     # Register the clash
  if not clash:                                        # If there is no clash ...
    password = input('Set a password             : ' # Ask for a password
    users.append([username,password])                  # Append the new username/password to list
    csv.sequence2csv(users,USERSFILE)                  # Write the list to the user file
    valid = True                                       # Move on to the rest of the script :)

NOTE : You wouldn't normally simply use this script on it's own - you would include it in a menu system, but we are just developing skills - you will be expected to use these skills later on ...

I've used a CONSTANT in this script because the user filename would appear twice in the script otherwise and there is a chance that, if you change the filename, you might forget to change both instances of the filename in the script. Again, you need the CSV library (but I guess you know that already) for this script to run correctly.

Make sure you test the script properly.

4dcaf58a.013.png
Did you not learn your lesson from last time? it's like teaching cats to knit.

Demonstrate your understanding

Again, Erma wants you to explain how this script work so she can start to implement her own version for Zackary's website. Make sure you have got a copy of the script printed (use Notepad++ and print it in colour) and add enough written comments to explain it's operation. Using yEd or another suitable online diagram editor, create a flowchart of the script.


Programming challenges

Attempt the following challenges to demonstrate your understanding.
  • Create a Python script using IDLE (File > New File), save it as ... Task 2.2 Challenges.py
  • Use it to record your attempt at the following challenges.
  • When you have completed as many of the challenges as you can, evidence your work through a combination of screenshots and written explanations in a word processed document with a suitable header and footer. 
  • Remember to show the script and the output it generates.
EASY

If you look carefully, you will see that the script asks for three separate pieces of information, the first name, surname and birth year but then doesn't store these in the CSV file. Change the behaviour of the script so that it does stores this information in the CSV file as well as the username and password.

You will need to think carefully about the structure of the existing CSV file ...

MEDIUM

Try to implement a script which creates a suitable username for the user from a combination of  ...
  • the first 3 letters of their surname,
  • the first letter of their forename and
  • their birth year.
HARD

There is a chance that this automated system will cause a clash as well. Change your script so that it adds a unique number on the end if it finds a clash in the usernames currently in the script.



Assessment Task (Homework)

Synthesis! Creativity! Write a poem / record a podcast / create a video about authentication!

Authenticate! Authenticate!
How would you know,
Whether you, her or him,
Or an exception to throw!

# Now it's your turn!

Grading rubric

MASTER : You have written a poem which includes a verse for CAPTCHA, Passwords, Biometrics (and ethics) and have not used my first verse ...
APPRENTICE You have used my first verse and then added at least 3 factually correct verses about authentication
NOVICE : You have used my first verse and added 2 or 3 non-technical verses using keywords.

# Flash cards.png
Click to load key word list to help you make your own flash cards 


Hungry for more?

Once again, you should be using structured versions of these snippets. When we look at the section on structured programming, you will be asked to come back to this page and download the structured versions.