Explanation:
1. How Would You Do It?
a. To investigate what password requirements should be set to meet the security guidelines, I would first gather information on the current password policies in use and their effectiveness. Then, I would analyze data on past security breaches and attempts to hack into accounts to identify common patterns and weaknesses in password choices. I would also research best practices for password security and consult with experts in the field to determine the most effective approaches.
b. The statistical methods that could be used to analyze password security include probability theory, combinatorics, and statistical inference. These methods can be used to calculate the probability of guessing a password, determine the number of possible password combinations, and estimate the effectiveness of different password policies.
2. Answering the Question
a. To meet the security guidelines, the password requirements should be set to ensure that there are at least 6.446 x 10^12 possible password combinations. One approach would be to require that passwords include a mix of upper and lowercase letters, numbers, and symbols, and prohibit the use of easily guessable words or phrases. For example, the password policy could require that passwords be at least 8 characters in length, drawn from the 95 printable ASCII characters (26 uppercase letters, 26 lowercase letters, 10 digits, and 33 symbols), contain at least one uppercase letter, one lowercase letter, one number, and one symbol, and not include any consecutive repeating characters or easily guessable patterns.
b. To show that the probability of guessing a password on one try is less than 1/608, we can use the formula:
P(guessing password on one try) = 1 / (number of possible password combinations)
Assuming the password requirements outlined in part (a), every character is drawn from the 95 printable ASCII characters (26 + 26 + 10 + 33), so the number of 8-character strings is at most:
95^8 = 6.634 x 10^15
Requiring at least one character from each of the four classes removes the strings that miss a class. Counting those by inclusion-exclusion (subtract the strings drawn from only three classes, add back those drawn from only two, subtract those drawn from one) leaves about 3.026 x 10^15 passwords, and the ban on consecutive repeated characters trims this a little further, to about 2.85 x 10^15. Both figures are far above the 6.446 x 10^12 required. The probability of guessing a password on one try is therefore:
1 / (2.85 x 10^15) = 3.5 x 10^-16
This probability is much less than 1/608, so the password requirements outlined in part (a) meet the security guidelines. The calculation assumes that passwords are chosen uniformly at random from the allowed set and that the attacker guesses blindly; real attackers try dictionary words and common substitution patterns first, so the rule against easily guessable words and phrases matters as much as the size of the character set, and the policy should be backed by a limit on online guessing (lockout or rate limiting after a few failures).
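The count above, carried out in code as an added example (this is not part of the original answer): an inclusion-exclusion over the four character classes from part (a), with a switch for the no-consecutive-repeats rule, plus a brute-force enumeration over a tiny constructed alphabet that confirms the formula. The class sizes and the 6.446 x 10^12 and 1/608 thresholds are taken from the answer; the function names and the tiny test alphabet are this example's own assumptions.

```python
from itertools import combinations, product

# Character classes of the policy in part 2(a): 26 + 26 + 10 + 33 = 95 printable
# ASCII characters (the 33 symbols include the space). Taken from the answer.
POLICY_CLASSES = {"upper": 26, "lower": 26, "digit": 10, "symbol": 33}
LENGTH = 8
REQUIRED_COMBINATIONS = 6.446e12   # threshold quoted in the answer
MAX_GUESS_PROBABILITY = 1 / 608    # threshold quoted in the answer


def strings_over(alphabet_size, length, no_adjacent_repeat=False):
    """Number of strings of the given length over an alphabet of that size."""
    if alphabet_size == 0:
        return 0
    if no_adjacent_repeat:
        # First position is free; every later one must differ from its predecessor.
        return alphabet_size * (alphabet_size - 1) ** (length - 1)
    return alphabet_size ** length


def count_policy_passwords(class_sizes, length, no_adjacent_repeat=False):
    """Count strings that contain at least one character from every class.

    Inclusion-exclusion over the set T of classes that are *missing*: for every
    T, count the strings drawn only from the remaining classes and add or
    subtract that count according to the parity of |T|. This also works with
    the no-adjacent-repeat rule, because restricting the alphabet to a subset
    keeps the rule intact: strings_over() already handles the restricted case.
    """
    sizes = list(class_sizes.values())
    total = 0
    for k in range(len(sizes) + 1):
        for missing in combinations(range(len(sizes)), k):
            remaining = sum(s for i, s in enumerate(sizes) if i not in missing)
            total += (-1) ** k * strings_over(remaining, length, no_adjacent_repeat)
    return total


def brute_force_count(class_alphabets, length, no_adjacent_repeat=False):
    """Enumerate every string (tiny alphabets only) to cross-check the formula."""
    alphabet = "".join(class_alphabets)
    n = 0
    for s in product(alphabet, repeat=length):
        if no_adjacent_repeat and any(a == b for a, b in zip(s, s[1:])):
            continue
        if all(any(c in cls for c in s) for cls in class_alphabets):
            n += 1
    return n


def evaluate_policy(class_sizes=POLICY_CLASSES, length=LENGTH, no_adjacent_repeat=True):
    """Key-space size, per-guess probability, and whether both thresholds hold."""
    combos = count_policy_passwords(class_sizes, length, no_adjacent_repeat)
    p_guess = 1 / combos
    return {
        "combinations": combos,
        "guess_probability": p_guess,
        "meets_size": combos >= REQUIRED_COMBINATIONS,
        "meets_probability": p_guess < MAX_GUESS_PROBABILITY,
    }


if __name__ == "__main__":
    print(f"all 8-char strings over 95 chars:  {strings_over(95, 8):.3e}")
    print(f"with one of each class:            {count_policy_passwords(POLICY_CLASSES, 8):.3e}")
    r = evaluate_policy()
    print(f"plus no adjacent repeats:          {r['combinations']:.3e}")
    print(f"per-guess probability:             {r['guess_probability']:.3e}")
    print("policy meets both thresholds:", r["meets_size"] and r["meets_probability"])
```

The brute-force check is there because inclusion-exclusion sign mistakes produce plausible-looking numbers; running it on a constructed three-class alphabet of five characters (where full enumeration is cheap) and comparing with the formula catches them before the formula is trusted on the 95-character case.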
3. Additional Security
a. Prohibiting PINs that use the same digit more than once would reduce the number of possible 5-digit PINs. The total number of possible 5-digit PINs is 10^5, or 100,000. If we prohibit the use of the same digit more than once, the number of possible 5-digit PINs would be:
10 * 9 * 8 * 7 * 6 = 30,240
Therefore, prohibiting the use of the same digit more than once would reduce the number of possible 5-digit PINs to 30,240.
b. No, not on the grounds given in part (a). The ban shrinks the key space from 100,000 to 30,240 PINs, so an attacker who guesses uniformly at random succeeds on one try with probability 1/30,240 instead of 1/100,000, more than three times as often; a smaller key space cannot make a PIN harder to guess. What the rule does remove are the PINs customers actually pick most, such as 11111 or 00000, and that is better handled directly: block a short list of the most common PINs and the all-same-digit values, and lock the card or account after a few consecutive failures so that the per-guess probability, whatever it is, cannot be multiplied by thousands of attempts. That keeps the inconvenience to customers small and delivers the added security the blanket ban only appears to.