<?xml version="1.0" encoding="UTF-8"?>
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom" xmlns:dc="http://purl.org/dc/elements/1.1/">
  <channel>
    <title>DEV Community: Ibtehaz</title>
    <description>The latest articles on DEV Community by Ibtehaz (@shepherd_06).</description>
    <link>https://dev.to/shepherd_06</link>
    <image>
      <url>https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F260297%2F6e68f343-04ed-44ca-8edd-a7260d84ddfd.jpeg</url>
      <title>DEV Community: Ibtehaz</title>
      <link>https://dev.to/shepherd_06</link>
    </image>
    <atom:link rel="self" type="application/rss+xml" href="https://dev.to/feed/shepherd_06"/>
    <language>en</language>
    <item>
      <title>Usability vs Security: What a Password Game Taught Me</title>
      <dc:creator>Ibtehaz</dc:creator>
      <pubDate>Wed, 04 Oct 2023 13:37:31 +0000</pubDate>
      <link>https://dev.to/shepherd_06/usability-vs-security-what-a-password-game-taught-me-24o2</link>
      <guid>https://dev.to/shepherd_06/usability-vs-security-what-a-password-game-taught-me-24o2</guid>
      <description>&lt;p&gt;Hello 👋, Dev.to community! Today, I want to discuss a subject that's at the heart of cybersecurity: passwords. I recently played a game called "The Password Game" which humorously (and somewhat frustratingly) shows the player the many rules that could be applied to create a "secure" password. While the game is amusing, it also sheds light on a very real issue: the trade-off between usability and security in password management.&lt;/p&gt;

&lt;h2&gt;The Game&lt;/h2&gt;

&lt;p&gt;The Password Game (find it &lt;a href="https://neal.fun/password-game/"&gt;here&lt;/a&gt;) offers an escalating set of rules for creating what it considers a secure password. I made it to level 15, where a chess move completely baffled me. But the journey was eye-opening. Some of the rules included:&lt;/p&gt;

&lt;p&gt;Your password must include a number.&lt;br&gt;
Your password must include an uppercase letter.&lt;br&gt;
Your password must include a special character.&lt;br&gt;
The digits in your password must add up to 25.&lt;br&gt;
Your password must include a month of the year.&lt;br&gt;
... and so on, up to including a chess move and even a leap year!&lt;/p&gt;

&lt;h2&gt;The Trade-Off&lt;/h2&gt;

&lt;p&gt;While the game is hilarious, it demonstrates the challenges in setting up secure yet usable password policies. If you followed all of its rules, you'd theoretically create a secure password—but would you remember it?&lt;/p&gt;

&lt;h3&gt;The Usability Problem&lt;/h3&gt;

&lt;p&gt;Creating a unique and strong password for every service we use can be overwhelming. Many people either reuse passwords or go for the simple ones that are easy to remember but also easily guessable. The downside? Once one account gets breached, all accounts using that password are compromised.&lt;/p&gt;

&lt;h3&gt;The Security Problem&lt;/h3&gt;

&lt;p&gt;As cybersecurity professionals, we understand the risks of weak passwords and the vulnerabilities they introduce. We could mandate highly complex passwords, but if the requirements are too extreme, we risk discouraging users from using the service in the first place.&lt;/p&gt;

&lt;h2&gt;Possible Solutions&lt;/h2&gt;

&lt;h3&gt;Password Managers&lt;/h3&gt;

&lt;p&gt;One approach to solving this problem is to use a password manager. However, even that comes with its caveats. For instance, you have to create a robust yet memorable master password. Lose that, and you lose access to all your stored passwords.&lt;/p&gt;

&lt;h3&gt;Multi-Factor Authentication (MFA)&lt;/h3&gt;

&lt;p&gt;Implementing multi-factor authentication can add an additional layer of security, making it harder for attackers even if they have the password.&lt;/p&gt;

&lt;h2&gt;Conclusion&lt;/h2&gt;

&lt;p&gt;The Password Game, despite its humor, raises an important issue we often overlook. The quest for robust cybersecurity often conflicts with the need for ease of use. Striking a balance is challenging but crucial for both service providers and users. I discovered this game while enrolled in the CS50 Cybersecurity course on edX, and it's an excellent resource for diving deeper into these issues.&lt;/p&gt;

&lt;p&gt;So, what are your thoughts on this trade-off? How do you find the balance between usability and security in your projects or daily life?&lt;/p&gt;

</description>
      <category>cybersecurity</category>
      <category>passwordmanagement</category>
      <category>usability</category>
      <category>cs50</category>
    </item>
    <item>
      <title>Bizarro - A Library for Messenger Platform</title>
      <dc:creator>Ibtehaz</dc:creator>
      <pubDate>Tue, 17 Dec 2019 08:53:39 +0000</pubDate>
      <link>https://dev.to/shepherd_06/bizarro-a-library-for-messenger-platform-3e38</link>
      <guid>https://dev.to/shepherd_06/bizarro-a-library-for-messenger-platform-3e38</guid>
      <description>&lt;p&gt;I have written four/five chatbots in the last couple of years. All of them were for Facebook's Messenger platform. Although these chatbots are pretty rudimentary, other than asking basic YES/NO questions, they pretty much can't do anything, I have taken great pleasure in building them from the ground up. After writing my third chatbots for my current employer, I have figured it's pretty difficult to write every functionality every time. Quick Reply, Postback, Typing on/off, Marked seen, different types of buttons, they all took a lot of time in the development process. I ended up spending a lot of time in between writing utility tools of these bots. And, since there was three/four months gap in between the development, I usually forgot what I was working on. So, I decided to build a library containing some of the common functionalities. I am not bragging (okay, probably a little bit!), it really made my life easier. I have developed and published it in PyPI a long time ago (six months I think, since the last major update). I was (still am) too scared to write anything about it. However, since the bot did not crash in last couple of months, I think it suffices to say, it has passed its beta period.&lt;/p&gt;

&lt;p&gt;Github Link: &lt;a href="https://github.com/p1r-a-t3/FB_Bot"&gt;https://github.com/p1r-a-t3/FB_Bot&lt;/a&gt;&lt;br&gt;
PyPI: &lt;a href="https://pypi.org/project/bizarro/"&gt;https://pypi.org/project/bizarro/&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;Bizarro supports the following features:&lt;/p&gt;

&lt;ol&gt;
&lt;li&gt;
Echo Back (Simple text reply)
&lt;/li&gt;
&lt;li&gt;
Quick Reply
&lt;/li&gt;
&lt;li&gt;
Typing On
&lt;/li&gt;
&lt;li&gt;
Marked Seen
&lt;/li&gt;
&lt;li&gt;
Button
&lt;ul&gt;
&lt;li&gt;Postback Button&lt;/li&gt;
&lt;li&gt;URL Button&lt;/li&gt;
&lt;li&gt;Call Button&lt;/li&gt;
&lt;/ul&gt;
&lt;/li&gt;

&lt;li&gt;
Template
&lt;ul&gt;
&lt;li&gt;Button Template&lt;/li&gt;
&lt;li&gt;Generic Template&lt;/li&gt;
&lt;li&gt;List Template&lt;/li&gt;
&lt;/ul&gt;
&lt;/li&gt;

&lt;/ol&gt;

&lt;p&gt;I haven't got time to work on the attachment reply on any of the functionalities. However, I think without them, they pretty much serve the good deeds. Feel free to test it out if you have got any time. Let me know if there are any bugs or features you need. Looking forward to hearing from you.&lt;/p&gt;

</description>
    </item>
  </channel>
</rss>
