Light

uclaacm / passworks Goto Github PK

View Code? Open in Web Editor NEW

4.0 13.0 1.0 3.93 MB

a learning lab that teaches the importance of password security! collab w/ ACM Cyber, jamie is a real MVP

Home Page: https://passworks.uclaacm.com

License: MIT License

HTML 1.90% CSS 3.98% JavaScript 94.12%

learning-labs cybersecurity passwords teach-la cyber

passworks's Introduction

Passworks

Passworks is one of ACM Teach LA's first learning labs, a set of interactive online web modules designed to make learning easier. This specific learning lab is focused on password security: we teach students about using long and complex passwords, not using common passwords, and a taste of social engineering. We designed the content in conjunction with ACM Cyber. Big thanks to our content lead, Alyssa Wang, and our lead developer, Jamie Liu!

We wrote a blog post explaining how this module was made - check it out!

We ran a beta-test of Passworks with CityLab at UCLA for our Cyber Day with CityLab in August 2020.

This project was written with React, primarily relying on Material-UI components. We also make use of react-router and Dropbox's zxcvbn, as well as a list of the most common passwords from Wikipedia. It was bootstrapped with Create React App. It is deployed with Netlify.

Development Setup

We'll use a really common Node.js project workflow!

First, let's clone our repository, and install all of our node dependencies:

git clone https://github.com/uclaacm/passworks.git
cd passworks
npm install

To start our app, you just need to run npm start!

npm start

And to build our project for production (with CRA's webpack bundling and all that goodness),

npm run build

Note: we've added a pre-commit hook (with husky) that runs Prettier and ESLint. Admittedly, our rules are tighter than most, so we recommend you install an IDE plugin to make your development workflow easier.

Licensing & Attribution

This project and its code are licensed under the MIT License. You're free to use them however you wish, though we'd love to hear from you if you found this useful!

passworks's People

Contributors

Stargazers

Watchers

Forkers

passworks's Issues

update README

to something other than the default create react app content

Add a way to navigate between lessons

Idea:

bar (maybe a header or footer, or just a bar under the main lesson) with all lesson names, clicking on a lesson name takes you to the lesson
current lesson is highlighted in the group, others slightly dimmer
organize as a row of dots or bubbles, maybe with arrows between

Reduce the amount of text on each intermittent slide.

CityLab instructors raised concerns that they would like there to be less text on each slide so that there would be more opportunities for them to insert themselves to explain or teach some of the material.

Landing Page

Add default password values

To make it easier to navigate through/test the lessons, have valid autofilled passwords at each stage. Ideally, these will be randomly generated, but hardcoded will be fine for testing.

make math less math-y

Password character variety lesson

Experiment with using different character sets for the variety lesson, as using vowels is a bit awkward.

Ideas:

"abcdef"
"qwerty"/similar

Add math explanation for password length/variety

Add a mathematical explanation of how many more passwords can be generated

for length: compare using 4 digits and however many digits they enter
for variety: compare using the smaller alphabet vs the larger alphabet

Would be cool to also have a description of how fast computers can generate passwords, and state that the animation is slowed down.

General Feedback

Feedback from matt and alyssa for user friendliness

Add timer

start a timer when the password generation starts to show users how long it took to generate

Make chat more interesting

Add animation or have users click through the chat

Content Tweaks

feedback from Emmy

For jason’s password guessing part—disable case sensitivity, add cat/cats as one answer, maybe add hints for consecutive wrong answers
some way to highlight important takeaways would be good—putting info in a box of some sort or highlighting it can differentiate key information from activity instructions

Visual bugs on some mobile devices

When the keyboard is opened to input a password on an Android phone, the lesson text slides up behind the phone component as displayed below (screenshot taken on a samsung galaxy note 8)

Using the device simulator in the chrome DevTools, I've found other visual bugs using:

Moto G4, Galaxy S5, iPhone 5/SE: text is partially visible or not visible at all
iPhone 6/7/8: text is visible, but right up against the phone (poorly padded)
Surface Duo: text is entirely rendered behind the phone
Galaxy Fold: text is partially behind the phone

Flesh out social engineering lesson

add filler instagram posts, decide on security questions

Project infrastructure

belated, but could be a good idea to add:

eslint
husky
editorconfig

Use react-router to enable browser-based navigation

Likely involves some significant refactoring.

Remove explanation of the math behind the numbers of passwords possible.

CityLab instructors will instead teach a small lesson on permutations and combinations prior to introducing passworks.

Design Tweaks

feedback from Emmy

differentiate buttons on left and right side to further differentiate phone screen + instructions
add scroll bar to phone on the instagram page part
bottom part with all the lesson names and progress should be at the top if there’s space

Make username text non-selectable in the Instagram mockup.

Intersperse discrete breakpoints for CityLab members to reconvene with the class.

Using multiple choice questions on the material covered between breakpoints, for example, was suggested at the meeting.

Show comparison of time-to-brute-force of 4 digit v. 6 digit password

For example, "wow! Using six digits, the computer took 3x as long!"

Common passwords lesson

Make the transition between the password submission and result less awkward.

Possibility: put the input and result in a different component just for the common password lesson, and have them be rendered together on the phone screen to eliminate the need for going back and forth between slides.

Add metadata & SEO

meta tags

Social engineering lesson

Add a social engineering lesson.

Idea:

Jason uses the same password for everything (and we know what the password is)
we're trying to break into one of his accounts
account has security questions that we need to answer
we use Jason's instagram posts to answer the security questions

Add content to empty phone screens

Ideas for filling screens:

#7
add welcome messages or graphics to other screens
add common passwords table
show examples for "you'll often see many sites recommend you use ..."

Represent difference in quantity of possible passwords based on length via a relative-scale graphic.

For example, relative-sized bubbles.

Add a welcome and closing screen

Add a secure password game for kids at the end of the module.

This can be as simple as a password strength checker. Consider https://github.com/dropbox/zxcvbn.

End-of-activity "Check Your Understanding" Questions

Make password generation random

migrate away from using the CountUp package and create our own password generator + timer

Recommend Projects

React

A declarative, efficient, and flexible JavaScript library for building user interfaces.
Vue.js

🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
Typescript

TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
TensorFlow

An Open Source Machine Learning Framework for Everyone
Django

The Web framework for perfectionists with deadlines.
Laravel

A PHP framework for web artisans
D3

Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

javascript

JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
web

Some thing interesting about web. New door for the world.
server

A server is a program made to process requests and deliver data to clients.
Machine learning

Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Visualization

Some thing interesting about visualization, use data art
Game

Some thing interesting about game, make everyone happy.

Recommend Org

Facebook

We are working to build community through open source technology. NB: members must have two-factor auth.
Microsoft

Open source projects and samples from Microsoft.
Google

Google ❤️ Open Source for everyone.
Alibaba

Alibaba Open Source for everyone
D3

Data-Driven Documents codes.
Tencent

China tencent open source team.