Cybersecurity Brainstorming: Difference between revisions
m (→"Safeword") |
|||
Line 8: | Line 8: | ||
=="Safeword"== | =="Safeword"== | ||
''All functionality should be inserted into the browser to appear as part of the various websites.'' | |||
(1) Shows security level of user-selected password as it's typed in (for registration) | (1) Shows security level of user-selected password as it's typed in (for registration) | ||
(2) If user chooses weak password, auto-fill will be turned off. User must manually type in all weak passwords | (2) If user chooses weak password, auto-fill will be turned off. User must manually type in all weak passwords |
Revision as of 22:33, 13 January 2010
This page reflects the brainstorming and discussion of the cybersecurity group in Jonathan Zittrain's Cyberlaw: Difficult Problems Class.
For the Mozilla-icon-privacy project see: Terms of Service Brainstorming.
Problems to Tackle
These are the three basic projects that we have talked about working on. We may also be interested in working on the Mozilla Privacy issue.
"Safeword"
All functionality should be inserted into the browser to appear as part of the various websites. (1) Shows security level of user-selected password as it's typed in (for registration) (2) If user chooses weak password, auto-fill will be turned off. User must manually type in all weak passwords
- Safeword will look for keystrokes and won't send the password to the website if it doesn't sense the appropriate keystrokes
(3) Refuse password if it's been used before (for a major/important/security-sensitive site)
- for security reasons, Safeword would only save the first 4 characters of each password (not the whole thing)
(4) Periodically prompt user to change password
- this would be a suggestion, not a requirement and users could set how often it should prompt
Other Ideas:
- encrypted password storage within browser
- using recaptcha or pictures (esp game), etc as dual key for all passwords
Mesh Network Vaccination
Firefox plug-in used by the 5% of power users that can help patch the problems created by the larger base of security-ignorant or security-apathetic users. I made the analogy to tower defense at some point.
For your edification, see Tower Defense. Mfeld 05:18, 13 January 2010 (UTC)
Stop Badware
Distress Password
Have 2 passwords --
- (1) secure password -- shows all emails, all data
- (2) distress password -- shows limited data (like limited profile), only showing safe data
Presentational ideas
- "This is your internet, this is your internet on botnet"
- Ham Sandwich metaphor acted out in reality
- Voiceover puppets a la JZ's video explanation of Herdict
- PSA Announcement featuring Internationally Recognized Magician Michael Feldman
- Lessig-style keynote presentation (as part)