A close look at the ways in which we can authenticate users to prove they are who they say they are.
We are learning ...
So that we can ...
As the name suggests, authentication allows a computer system to check who you actually are, not just who you say you are. The mail different types of authentication routine are ...
Task 1.1 Completely Automated Public Turing tests to tell Computers and Humans Apart (CAPTCHA) Where we learn how CAPTCHA routines work
Watch the video which explains the history of CAPTCHA (very well) ...
I am not a robot (5:18)
Now visit the following demonstration pages (hosted by Google). Neither of these are live CAPTCHA authentication routines - i.e. they are not part of a website sign up process but they demonstrate how the two main types of CAPTCHA routines in use on the Internet today actually work in practise.
Original reCAPTCHA - sorry no link :(
Click to visit new noCAPTCHA reCAPTCHA Demo
Using a suitable template, write a letter to Zackary which explains how CAPTCHA routines work and whether he should include on his new website.
Task 1.2 Passwords Where we learn about strong passwords
We have looked at password security before (when we looked at how we keep data safe), so this should be revision. The major issue with passwords is making them difficult to guess.
Are you using one of the most common passwords?
Visit my password checker and try out your actual passwords to see if they are strong (don't worry, I'm not collecting them!) Look carefully at the 'minimum requirements' box which explains the feature of a good password.
Create a simple poster for Zackary to help him to communicate strong password rules to the parents when he launches the schools new Canteen payment website. You could use some ideas from Google images if you want to ...
Task 1.3 Biometric authentication Where we learn about the different types of biometric authentication methods
Biometric authentication relies on either your behavioural or physiological qualities to identify you. There are lots of ethical issues surrounding this area.
Sketch the diagram above in your notes. Add diagrams to represent the different authentication methods alongside each of the boxes.
Discuss the ethical issues surrounding the use of your behaviour and your physical attributes to identify you. In your discussions, consider ...
Create a table in your notes summarising the advantages and disadvantages of biometric authentication methods. Which one would you recommend that Zackary uses for his new canteen system, and why?
We can use all the super cool file handling skills we learnt in Keeping data safe to implement a login system to only allow users who have an account to enter our program as long as they put in the correct password! Let's go!
Task 2.1 Practical logon system Where we build a practical logon system in Python
You first need to either create or download a CSV file of the users for your system. Remember to make / open this CSV file in Notepad++ rather than a spreadsheet application - it's easier to see the structure.
But wait! "You can see what my password is!" I hear you say. Type the following code into the script using your favourite Python IDE.
import sys # This is built in to Python loggedin = False users = csv.csv2sequence('users.csv')username = input('Enter username : ') password = input('Enter password : ')
for user in users: if username == user[0] and password == user[1]: loggedin = True break if loggedin: print('Success - you are logged in as \'{0}\'.'.format(username)) else: print('Incorrect username or password.') sys.exit() If you can't get the script working (or you are in a rush!) you can download login.py instead. The script uses the CSV library that we met in Keeping Data Safe. If you haven't got this in the same folder as the script, you will need to download another copy. As you can see, this would normally come at the start of a script. The last line in this snippet, sys.exit() will close the script if the username and / or password is incorrect, preventing the rest of the script running. Make sure that you test the script thoroughly.In that case, I have no sympathy ... Remember that Erma wants you to explain how the script works. Make sure you have printed out a copy of the script for your notebook / folder and add suitable written comments to it in order to explain it's function. Using yEd or another suitable online diagram editor, create a flowchart of the script.
Registering accounts
Yes, I suppose that you could simply add a new user into the CSV file to 'register' a new user, but how much more fun is it to implement a script to do it!
Task 2.2 Practical registration system Where we build a user account registration system in Python
Firstly, make sure you have got a suitable CSV file with your users listed (HINT : you used one in the last task).
Using your favourite Python IDE, create the following script. No help this time, you've got to type it in, including the comments - don't be lazy and copy and paste, reading the script and the comments will help you understand how this works ... import csv # Needed to read/write the user file USERSFILE = 'users.csv' # We've used a constant here!
firstname = input('Enter first name : ') surname = input('Enter surname : ') birthyear = input('Enter birthyear (4 digits) : ') valid = False # Assume the new username is not valid while not valid: # Keep going ... username = input('Select username : ') # Ask for a username clash = False # Assume I have no clash for user in users: # Check each user in the user file if username == user[0]: # Is the username already in use? print('Username already in use - try again') # Friendly message :) clash = True # Register the clash # If there is no clash ... password = input('Set a password : ') # Ask for a password users.append([username,password]) # Append the new username/password to list csv.sequence2csv(users,USERSFILE) # Write the list to the user file valid = True # Move on to the rest of the script :)NOTE : You wouldn't normally simply use this script on it's own - you would include it in a menu system, but we are just developing skills - you will be expected to use these skills later on ... I've used a CONSTANT in this script because the user filename would appear twice in the script otherwise and there is a chance that, if you change the filename, you might forget to change both instances of the filename in the script. Again, you need the CSV library (but I guess you know that already) for this script to run correctly. Make sure you test the script properly.
Did you not learn your lesson from last time? it's like teaching cats to knit. Again, Erma wants you to explain how this script work so she can start to implement her own version for Zackary's website. Make sure you have got a copy of the script printed (use Notepad++ and print it in colour) and add enough written comments to explain it's operation. Using yEd or another suitable online diagram editor, create a flowchart of the script.
Programming challenges Attempt the following challenges to demonstrate your understanding.
Click to load key word list to help you make your own flash cards
|