# Notes for Week 7 (Jack & Martha)
* Ice breaker - Password related quiz (with question on 2 truths and a lie on M&J)
* Promises workshop is difficult -->
**Martha to take responsibility of finding a short intro video (promises)**
* Issue on the workshop
* Extra session before the workshop? Video?
* Ongoing definition board (start it during workshop, define together after the exercise)
* Quick quizzes (e.g. jwt vs cookie?) (made during the course)
* Made by Martha: quiz on the learning outcomes at the end of the week. Quiz app (kahoot.it) (made during the course)
## Learning outcomes from new curriculum to follow
### Hashing & salting
We can describe why it is important to hash and salt a password
We can hash and salt passwords so they are not stored as plain text
We can use a hashing algorithm to hash a password
We can use a salt to hash a password
We can implement hashing and salting with bcrypt
Encryption
### before this workshop: envelope with props
### Cookies & JWTs
We can explain why we need to create a signed JSON Web Token
We can create a JWT containing a user identifier
We can set the JWT as a cookie to identify a logged in user
We can identify requests from a logged in user using the cookie
We can ensure only authenticated users see protected content
We can explain the difference between stateful and stateless authentication
JavaScript
We can use the Application tab in Chrome dev tools to view cookies
### Promises
We can create a promise from scratch
We can wrap a function that takes a callback in a promise
# Things to tell Bobby
- Promises video
# Martha
- Promises video
- Password quiz
- (Look at their projects from prev week)
- Think of a marquee way to explain promises (mnemonic) Resolve / reject
# Jack
- Password quiz
- birthday of martha
- (Look at their projects from prev week)
- Props to explain stateless vs stateful
- Think of a marquee way to explain promises
Things for the future:
- Healthy snacks
---
**QUIZ QUESTIONS**
---
## 1
Which company is said to have had the worst password breach of all time, affecting 3 billion accounts in 2013, which didn't come to light until 2016?
---
## 2
How long would it take a typical brute force attack to guess this password “z7S69s@9.”?
---
## 3.
What are the top 3 most common passwords (as of 2018)?
---
## 4.
What is the name and age of Jack's dog?
---
## 5.
How many passwords were stolen from LinkedIn and Adobe in total?
---
**Q1: The very worst data breach, the hacking of 3 billion Yahoo! accounts, happened in 2013 but didn’t come to light until 2016, meaning hackers had a three-year head start on exploiting the stolen data.**
https://www.pcworld.com/article/3392860/5-alarming-facts-in-honor-of-world-password-day.html
---
**Q2: 2 years, four months and 16 days. In 2020 it’ll take about 9 years, six months and 18 days.**
---
**Q3: 123456, password, 123456789**
---
**Q4 Answer: Bailey**

---
**Q5 Answer: 38 million Adobe + 6.5 million LinkedIn**
---
# Our Schedule
## Monday
### 10-10:30 - quiz and presentation
https://drive.google.com/file/d/1Rdk5lczrpdgG4ts48xR_BhioDS-cvIO3/view?usp=sharing
### 10:30-12:30 Workshop on password management: 2hrs
https://github.com/foundersandcoders/ws-password-management
Tips:
- Look at the tests
- What do you need to do with the salt?
- Difference between password before and after hashing
- What happens when there's an error? What should we return?
### 12:30 - 13:00 and 14:00-15:30 Workshop on cookies: 2hrs
https://github.com/foundersandcoders/ws-cookies
Tips:
- Print out the method of the switch statement
- How do you output the authenticated part?
### 15:30 onwards Tech for Better?
## Tuesday
### 10-11:00 Morning Challenge on client side validation: 1hr
https://github.com/foundersandcoders/mc-client-side-validation
Tips:
- required minlength
- Use pattern
- Use theInput.validity.patternMismatch
```javascript
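// Show a custom message when the e-mail field fails type or pattern validation
const email = document.getElementById("email");

email.addEventListener("input", function (event) {
  if (email.validity.typeMismatch || email.validity.patternMismatch) {
    email.setCustomValidity("I am expecting an e-mail!");
  } else {
    // An empty string clears the custom error so the field is valid again
    email.setCustomValidity("");
  }
});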
```
### 11-13:00 Workshop on stateless session management: 2hrs
https://github.com/foundersandcoders/ws-jwt-stateless-session
#### I first got the cookies working with cookie lib
```javascript
// Set cookies
const cookie = require('cookie');

// maxAge is in seconds, so this cookie lasts 6 minutes
res.setHeader('Set-Cookie', cookie.serialize('logged-in', 'True', {
  maxAge: 360
}))
```
```javascript
// Remove cookies
// maxAge: 0 tells the browser to expire the cookie immediately
res.setHeader('Set-Cookie', cookie.serialize('logged-in', 'True', {
  maxAge: 0
}))
```
```javascript
// Get cookies
const cookies = cookie.parse(req.headers.cookie || '');
```
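A `logged-in=True` cookie like the one above can be set by anyone in their own browser, which is what the signed token in this workshop addresses. The following is an added example (not from the workshop repo or the original notes) that signs a JWT containing a user identifier with Node's built-in `crypto`, verifies it, and builds the cookie header; the secret, the `jwt` cookie name and the `user-42` id are constructed values.

```javascript
const crypto = require('crypto');

// Constructed demo secret; a real app would load this from an environment variable.
const SECRET = 'constructed-demo-secret';

const b64url = (input) => Buffer.from(input).toString('base64url');
const hmac = (data, secret) =>
  crypto.createHmac('sha256', secret).update(data).digest('base64url');

// Create an HS256 JWT carrying the user identifier and an expiry (in seconds).
function signToken(userId, secret, maxAge = 360, now = Date.now()) {
  const header = b64url(JSON.stringify({ alg: 'HS256', typ: 'JWT' }));
  const iat = Math.floor(now / 1000);
  const payload = b64url(JSON.stringify({ sub: userId, iat, exp: iat + maxAge }));
  return `${header}.${payload}.${hmac(`${header}.${payload}`, secret)}`;
}

// Return the claims if signature, algorithm and expiry check out, otherwise null.
function verifyToken(token, secret, now = Date.now()) {
  const parts = String(token).split('.');
  if (parts.length !== 3) return null;
  const [header, payload, signature] = parts;
  const expected = Buffer.from(hmac(`${header}.${payload}`, secret));
  const given = Buffer.from(signature);
  // timingSafeEqual throws on a length mismatch, so compare lengths first.
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) return null;
  try {
    // Accept only the algorithm we sign with; never let the header choose one.
    if (JSON.parse(Buffer.from(header, 'base64url').toString()).alg !== 'HS256') return null;
    const claims = JSON.parse(Buffer.from(payload, 'base64url').toString());
    return claims.exp > Math.floor(now / 1000) ? claims : null;
  } catch (e) {
    return null;
  }
}

// HttpOnly hides the token from page scripts; Secure limits it to HTTPS.
function sessionCookie(token, maxAge = 360) {
  return `jwt=${token}; Max-Age=${maxAge}; Path=/; HttpOnly; Secure; SameSite=Lax`;
}

// Demo: a valid token verifies, a token with an edited payload does not.
const token = signToken('user-42', SECRET);
const [head, , sig] = token.split('.');
const tampered = `${head}.${b64url(JSON.stringify({ sub: 'admin', exp: 9999999999 }))}.${sig}`;
console.log(sessionCookie(token));
console.log(verifyToken(token, SECRET).sub);
console.log(verifyToken(tampered, SECRET));
```

Because the server only needs the secret to check the signature, it keeps no session store, which is the stateless side of the stateful vs stateless comparison.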
### 14:15:00 - Project Intro & Research Intro
Projects - https://github.com/foundersandcoders/master-reference/blob/master/coursebook/week-7/project.md
Research - https://github.com/foundersandcoders/master-reference/blob/master/coursebook/week-7/research-afternoon.md
### 15:00-17:00 (maybe start earlier)
Project research then presentation prep
### 17:00-18:00 Presentations
## Wednesday
### 10-11:00 Morning challenge on Promises: 1hr
### 11:00-13:00 Projects
### 14-15:00 Design burst
### 15-17:00 Projects
### 17-18:00 Speaker
## Thursday
### Projects all day!
## Friday
### 10-11:00 Code review
### 11:00-12:00 review code review
### 12-13:00 Prepare presentations
### 14-15:30 Presentations
### 15:30-16:30 SGC
### 16:30-17:00 Group SGC
### 17-18:00 Talk
## 1a)
Both Adobe and LinkedIn have suffered major password breaches over the last few years. Which company had the most passwords hacked?
**Answer: Adobe**
https://www.keepersecurity.com/blog/2016/10/07/20-fascinating-facts-about-passwords/
## 1b)
**Answer: **
## 2.
What percentage of phishing emails get opened?
**2 Answer: 30%**