You work in the security department of a bank’s website. To ac...

Question

You work in the security department of a bank’s website. To access their accounts, customers of the bank must create an 8-digit password. It is your job to determine the password requirements for these accounts. Security guidelines state that for the website to be secure, the probability that an 8-digit password is guessed on one try must be less than 1/60^8, assuming all passwords are equally likely.

Your job is to use the probability techniques you have learned in this chapter to decide what requirements a customer must meet when choosing a password, including what sets of characters are allowed, so that the website is secure according to the security guidelines.

3. For additional security, each customer creates a 5-digit PIN (personal identification number). The table on the right shows the 10 most commonly chosen 5-digit PINs. From the table, you can see that more than a third of all 5-digit PINs could be guessed by trying these 10 numbers. To discourage customers from using predictable PINs, you consider prohibiting PINs that use the same digit more than once.

b. Would you decide to prohibit PINs that use the same digit more than once? Explain.

Accepted Answer

Welcome back, everyone. In this problem, a company issues 4 digit access codes to employees. Each digit can be any number from 0 to 9, and digits may repeat. Management is considering a policy where each code must have all unique digits with no repeats. Would this policy make the codes more secure? Select the correct reasoning. A says no because it reduces the total number of codes. B, yes, because it increases the total number of codes. No, the total number of possible codes remains unchanged, and D, yes, because it prevents common codes. Well, if we're gonna figure out which policy makes the codes more secure, let's think about the total number of possible codes without the policy and with the policy. Now, without the policy, OK, in other words, where the digits may repeat. Then each digit has 10 options, OK? And for 10 options where the digits can repeat, OK, so in other words with repetition. Then the number of codes that we would have would be equal to 10, multiplied by 10, multiplied by 10, multiplied by 10, OK, because we have our 4 digits that each have 10 possibilities, and that is gonna be equal to 10,000 possible codes. So that's the possibility, the number of ways without the policy. Now, with the policy, OK, what it really means then is that after we select our first code, OK, then the second one can't be the same as the first. In other words, we have a smaller number of values to choose from, OK? So this is without repetition. And no, this is going to be a permutation of 4 digits from 10 possible digits. In other words, for our first digit, we have 10 possibilities. For a second digit, we have 1 less or 9 possibilities. The third digit then has 8 possibilities, and the fourth digit will have 7 possibilities. And that product, 10 multiplied by 9 multiplied by 8 multiplied by 7 is equal to 50,040. So with the with the policy then we have 50,040 possible codes. So the number of possible codes actually decreases with the unique digit policy. So while intuitively it might seem that requiring unique digits improves security, it actually reduces the number of possible combinations, making it easier for an attacker to guess the code by brute force. So that means then that A would be the correct answer. This policy would not make the code secure, the codes more secure because it reduces the total number of codes. Thanks a lot for watching everyone. I hope this video helped.

Key Concepts

Probability

Character Set

Predictability and Uniqueness

Watch next