wordpress.up.edu

Greystash
September Program Review
Team Failing
Erik Paulson
Kyle DeFrancia
Joseph Devlin
Advisors
Faculty: Dr. Crenshaw
Industry: Dr. Hendrix
A Problem
Nobody uses secure passwords
because it’s too hard
Our Solution
Make secure passwords easy
by generating them for you
How to use Greystash
How Greystash secure passwords are made
Generate secure passwords on the go
Protection
● Phishing
● Loss of one password
● Brute force attacks
Photograph by Jacob Wackerhausen/ThinkStock.
What Greystash Can’t Do
● Loss of extension password
● Attacker knows the target is a Greystash user
● Web server attacks
How Greystash Compares
[Table: feature comparison of LastPass, KeePass, Password Hasher and Greystash]
Design Challenge 1
Storing passwords is risky.
Design Decision: never store passwords in a
centralized location
Why: reduce attack surface
Design Challenge 2
Users aren’t always at their own machine.
Design Decision: web service
Why: use our website to generate passwords
when not at their own computer.
Project Risks
Risk 1: The hash algorithm we choose is not
secure.
To mitigate this: Design and implement our
software so we can drop in a new hash
algorithm very easily.
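An added example (not Greystash's code and not from the slides) of the mitigation above: a generator that derives a site password from the website URL, simple password and extension password, with the derivation function looked up in a registry so a replacement algorithm drops in as one entry. The algorithms, cost parameters, output alphabet and the names `DERIVERS`, `siteKey` and `generatePassword` are all assumptions.

```javascript
// Added illustration, not Greystash's implementation. Algorithms, cost
// parameters, names and the output alphabet are assumptions.
const crypto = require('node:crypto');

// Registry of derivation functions. Replacing a weakened algorithm means
// adding one entry here and changing DEFAULT_ALGO; callers stay untouched.
const DERIVERS = new Map([
  ['pbkdf2-sha256', (secret, salt, len) =>
    crypto.pbkdf2Sync(secret, salt, 100000, len, 'sha256')],
  ['scrypt', (secret, salt, len) =>
    crypto.scryptSync(secret, salt, len, { N: 16384, r: 8, p: 1 })],
]);
const DEFAULT_ALGO = 'pbkdf2-sha256';

// 64 symbols, so `byte % 64` maps bytes to characters without modulo bias.
const ALPHABET =
  'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789!#';

// Reduce the page URL to its host: every page of a site gives the same
// password, while a look-alike (phishing) host gives an unrelated one.
function siteKey(pageUrl) {
  return new URL(pageUrl).hostname;
}

function generatePassword(pageUrl, simplePassword, extensionPassword,
                          algo = DEFAULT_ALGO, length = 16) {
  const derive = DERIVERS.get(algo);
  if (!derive) throw new Error(`unknown algorithm: ${algo}`);
  // Length-prefix the first secret so ("ab","c") and ("a","bc") differ.
  const secret = Buffer.from(
    `${simplePassword.length}:${simplePassword}${extensionPassword}`, 'utf8');
  // Binding the algorithm name into the salt separates outputs per algorithm.
  const salt = Buffer.from(`${algo}|${siteKey(pageUrl)}`, 'utf8');
  const raw = derive(secret, salt, length);
  return Array.from(raw, (b) => ALPHABET[b % ALPHABET.length]).join('');
}

// Constructed sample inputs.
const pw = generatePassword('https://example.com/login', 'cat', 'ext-secret');
console.log(pw.length, pw === generatePassword(
  'https://example.com/account', 'cat', 'ext-secret')); // 16 true
```

Nothing is stored: the password is recomputed from the three inputs each time, so losing the extension password means losing every derived password.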
Project Risks
Risk 2: The third-party libraries we use become
deprecated.
To mitigate this: Choose open source libraries
that we can augment and back up.
Project Risks
Risk 3: Some of our team members are
working part time.
To mitigate this: Don’t procrastinate.
Leverage the help of our advisors. Careful
milestone planning.
Functional Specifications - Final Draft
4 Oct. 2013
Design Document - Final Draft
15 Nov. 2013
Experiment: Inject Image Into Password Field
22 Nov. 2013
Experiment: Website Rules
29 Nov. 2013
Complete First Draft of Hashing Algorithm
6 Dec. 2013
Password Submit Override Complete
13 Dec. 2013
Alpha Release: installable extension
● on/off toggle
● generate passwords with website URL, simple password, and extension password
● submit generated password to the website
13 Jan. 2014
Milestones
Usability Test #1
17 Jan. 2014
Beta Release: extension and web service
● on/off toggle
● generate passwords with URL, simple password, and extension password
● submit generated password to the website
● generate passwords on web service
13 Feb. 2014
Usability Test #2
17 Feb. 2014
Final Release: extension and web service
● on/off toggle
● generate passwords with URL, simple password, and extension password
● submit generated password to the website
● generate passwords on web service
● any secondary functionality
13 Mar. 2014
Milestones
Recap
● Generate passwords, never store them
● Google Chrome extension and website
● Security is the major concern
Backup
Old password
New password
Changing Passwords