Print your homework out and submit it in person at the start of class (3:00pm) on Monday, April 3. Homework will not be accepted after 3:00pm on that day.
Part 1 (50 points):
The National Institute of Standards and Technology has issued a draft set of password guidelines in DRAFT NIST Special Publication 800-63B Digital Identity Guidelines: Authentication and Lifecycle Management.
Review section 5.1.1 (and its subsections) on "Memorized Secrets." Pick two requirements discussed in this section (marked with SHALL or SHALL NOT) and explain why each one is or is not a good requirement, citing evidence from the research literature. You may find evidence in some of the password-related papers in the required or optional class readings, in papers mentioned in the class lecture notes, or in some of the CMU CUPS Lab passwords research papers.
Part 2 (50 points):
Write a paragraph explaining the rationale behind your major design decisions.
Write a paragraph explaining where/when in the course of selecting, downloading, installing, or using the app users will have the opportunity to see this privacy notice. Why do you recommend making the notice available in this way?
Make sure you cite relevant sources on notice design (for example, from the required or optional readings or lecture notes).
Part 3 (9-unit students should not do this part. 12-unit students will receive between 0 and 45 points for this part):
Write a 3-7 sentence summary and short "highlight" for one optional reading assigned for the March 20, March 22, and April 3 classes.