Oh you are 15. I’m glad you are playing in this space! Cybersecurity is a rewarding career.
With due respect to the fact you are making an effort to get into the scene, congratulations for making the effort to share!
Maybe just hold off on saying it’s going to “change the world”. We never say unhackable.
But in all seriousness, you do not have sufficient exposure or time in the field to sufficiently understand the threats your product is trying to defend against.
You are proposing replacing people’s security systems with your new unhackable thing. But it’s missing essential parts.
Schneier’s Law: any person can invent a security system so clever that they can’t think how to break it.
Keep playing, but maybe hold off on the “products” for a few more years while you learn the rest of the field, otherwise you may be doing harm to people, people’s data, etc.
Thanks for your feedback! I just wanted to clarify that I'm not your average 15-year-old. I've been actively involved in security testing, malware analysis, and have even been in trouble after hacking into my school's system when I was 14—so I understand the weight of security and the challenges involved.
That said, I definitely respect the complexity of the field and the importance of experience. I’m still learning every day and appreciate the insights from more seasoned professionals. While I may have had some early experiences, I realize there’s always more to learn, especially when it comes to ensuring my systems are truly secure and ready for the real world.
I’ll be taking the feedback seriously and continuing to build on my knowledge. Thanks again for sharing your thoughts!
If you've not seen it already, Ross Anderson's book is both excellent and free (second edition at least, third edition has free chapters and doesn't cost much)
I did the same thing at your age, re school, so I understand. I also liked coming up with auth schemes.
One thing I would suggest is dropping the mail component and not involving it at all - you are using this as a weak second factor, exportable; monthly rotation.
Bind it to a hardware key instead and use proper cryptography.
Thanks for pointing that out. To clarify, the text and ideas are entirely mine, though I do use tools to help structure my thoughts sometimes. I’m here to learn from feedback like yours, and I’m genuinely trying to improve my understanding of the field.
I understand that the way I explain things might come off differently compared to more seasoned security professionals, and I’ll work on improving the system that as I continue learning. I’m very hands-on in my approach, from testing to developing, and the feedback I’m receiving is helping me see where I can improve, especially in how I communicate technical concepts.
I appreciate the constructive criticism, and I’ll keep working to make sure I’m approaching things with the depth and accuracy expected in the field. Thanks for the advice!
To counter the other commenter’s harshness (I can be harsh myself): keep at it. I wish I had started as early as you. Eagerly take advice from proven competent people and experiment with wild abandon and don’t fear mistakes.
Maybe come back in a few years after some more study and understanding of this world.