- <h1 class="headline">Mitigating Personal Information Exposure on The Web</h1>
- <section class="content">
- <h1 class="header">Content</h1>
- <ol>
- <li><a href="#intro">Introduction</a></li>
- <li><a href="#Users">Account access caused by users</a>
- <ul>
- <li><a href="#Users1">2.1</a></li>
- <li><a href="#Users2">2.2</a></li>
- <li><a href="#Users3">2.3</a></li>
- </ul>
- </li>
- <li><a href="#Company">Account access through company systems</a>
- <ul>
- <li><a href="#Company1">3.1</a></li>
- <li><a href="#Company2">3.2</a></li>
- </ul>
- </li>
- <li><a href="#Graphical">Graphical Passwords</a></li>
- <li><a href="#Conclusion">Conclusion</a></li>
- <li><a href="#ref">Reference List</a></li>
- </ol>
- </section>
- <main>
- <h2 id="intro">Introduction</h2>
- <p>This review discusses password security in depth.
- Many cases show a lack of proper password security, which has led to a
- significant number of people being hacked or having personal information
- leaked onto the web. I will base this review on the issues preventing
- increased password security and then discuss methods or solutions for
- those issues.</p>
- <h2 id="Users">Account access caused by users</h2>
- <p id="Users1">Many users cause their own information to be leaked by putting minimal
- effort into their own password security. Sometimes the issue comes from
- being uneducated about cyber security. One case states that this is a more
- common issue with elderly people (Pfleeger, 2010, p.597). This is
- because information about technology has changed and developed a lot
- over the years. Pfleeger also argues that people know how easily
- password breaching can happen and what the consequences are, but they do
- not want to put in the extra effort to take adequate measures. Examples of
- this would be using the same password for multiple websites, not filling
- in optional security questions and not making a complex password. Poor
- protection measures like these can allow someone to hack even
- higher-security websites by stealing information from lower-security
- websites that may have similar information or passwords stored on them.
- </p>
- <p id="Users2">Pfleeger (p.598) discusses a possible solution for the lack of people
- implementing good e-safety: teach kids early and then trust them to
- do it on their own. When this was practised in public, a report from Ofsted
- said “the provision for e-safety was outstanding” and that it helped kids gain
- good security skills from a young age. It also helped them to practise this in
- unsupervised situations. This approach would be more likely to provide better
- results than making it compulsory for the public to practise correct
- protection measures, because compulsion could have a negative effect on people
- in ways such as removing freedom from the public.
- </p>
- <p id="Users3">One study came up with a method to deal with situations such as password
- reuse (Jeffrey L. Jenkins 2013, p.196). Jenkins proposed a hypothesis using
- just-in-time fear appeals: if password reuse is detected, a just-in-time
- fear appeal pops up to scare the user into taking the time and effort to
- make a different and more secure password. Jenkins also released his
- findings, which state that 88.41% of users made their password unique after
- receiving a just-in-time fear appeal. An approach like this would be likely
- to affect the section of the public that does not care much about password
- protection, or people who procrastinate, as it shows how important making a
- secure password is and that you can be hacked at any time.
- </p>
- <h2 id="Company">Account access through company systems</h2>
- <p id="Company1">Other studies argue that it is not always the user’s fault. Some systems are
- built in a way that makes it easy for a hacker to gain access. One study
- (Gauvin, verse 1) discusses how easy it is to use “forgotten password”
- to gain access to an account. If a hacker uses the forgotten password link
- that a website would have, there would be security questions, which could be
- something such as “what is your mother’s maiden name?”. They could find this
- information through places such as social media, where a person can find
- people’s relationships, identify their mother and find her maiden name. Doing
- this would give them access to the account with minimal effort.
- </p>
- <p id="Company2">Gauvin presents an invention (verse 15-16) that considers social media and
- other methods of access to your information when making an account. This means
- that when making security questions it notifies the user of the level of risk
- based on the amount of information available about the user on the web. Based
- on this, it will take actions such as notifying the user through another
- method, requesting more verification or even blocking the forgotten password
- transaction. This idea for an invention would make a user’s accounts better
- protected against other hacking methods, such as making phone calls to the
- company, that rely on information easily accessed through other
- sources on the internet.
- </p>
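- <p>The risk check described above, sketched as an added example (not code from Gauvin or from the original page): security answers are compared against facts publicly discoverable about the user, and the exposed share selects one of the listed actions. The function names, the 0.5 threshold and the sample data are assumptions made for illustration.</p>

```python
import re
import unicodedata

# The three responses the paragraph lists, plus "allow" when nothing is exposed.
ALLOW, NOTIFY, STEP_UP, BLOCK = "allow", "notify", "step_up", "block"


def tokens(text):
    """Lower-case word set with accents folded, so 'née Carter' yields 'nee', 'carter'."""
    folded = unicodedata.normalize("NFKD", text)
    folded = "".join(c for c in folded if not unicodedata.combining(c))
    return set(re.findall(r"[a-z0-9]+", folded.lower()))


def exposed_questions(answers, public_facts):
    """Questions whose whole answer appears inside a single public fact."""
    fact_tokens = [tokens(fact) for fact in public_facts]
    hits = []
    for question, answer in answers.items():
        wanted = tokens(answer)
        if wanted and any(wanted <= ft for ft in fact_tokens):
            hits.append(question)
    return sorted(hits)


def decide(answers, public_facts, step_up_at=0.5):
    """Map the exposed share of answers to an action (threshold is hypothetical)."""
    if not answers:
        return BLOCK  # assumption: no questions means nothing guards the reset
    share = len(exposed_questions(answers, public_facts)) / len(answers)
    if share == 1.0:
        return BLOCK
    if share >= step_up_at:
        return STEP_UP
    return NOTIFY if share > 0 else ALLOW


# Constructed sample data: facts visible on one user's public profiles.
SAMPLE_FACTS = [
    "Family: mother Anne Smith (née Carter)",
    "Went to Hillside Primary School",
]
SAMPLE_ANSWERS = {
    "mother_maiden_name": "Carter",
    "first_school": "Hillside Primary",
    "first_pet": "Biscuit",
}

if __name__ == "__main__":
    print(exposed_questions(SAMPLE_ANSWERS, SAMPLE_FACTS))
    print(decide(SAMPLE_ANSWERS, SAMPLE_FACTS))
```
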
- <h2 id="Graphical">Graphical passwords</h2>
- <p>One method that can improve password security is graphical passwords.
- A graphical password is an authentication system where the user selects from
- images in a certain sequence presented by an interface. However, there is
- disagreement in the community on whether graphical passwords are better than
- normal passwords where you type in characters. One source
- (Lashkari, et al., 2009, p.145) states that graphical password schemes are
- more vulnerable to shoulder surfing than alphanumeric text passwords. Shoulder
- surfing is a social engineering tactic where someone spies on a person
- inputting important information such as passwords or ID. Another article
- argues that graphical passwords are better than alphanumeric passwords.
- This article researches how easy it is for people to memorise graphical
- passwords compared to alphanumeric ones and how secure they are against
- shoulder surfing. There was a laboratory experiment where 20 participants had
- to shoulder surf basic passwords versus PassFace, a graphical password
- interface, used with a mouse and with a keyboard (Tari, et al., p.56).
- Tari shows evidence of the experiment (p.62) in the form of a table suggesting
- that PassFace with a mouse is the most memorable on average, while dictionary
- and non-dictionary alphanumeric passwords are easier to hack than PassFace.
- </p>
- <h2 id="Conclusion">Conclusion</h2>
- <p>To sum up the discussion above, there are many ways for hackers to get into a
- user’s account; however, more methods and inventions for systems are coming
- out. Teaching kids proper e-safety would seem to be a very good method to
- mitigate personal exposure, but only in the long term, as it does not affect
- the current adults in society. Graphical passwords also seem like they could
- be a major help, but more evidence is required before justifying their usage.
- This is because of the amount of effort the user will put into taking adequate
- measures. The methods would need to come in a version that is simple and
- efficient for any user, in order to reach the part of the public that puts
- minimal effort into security.</p>
- <h2 id="ref">References</h2>