Untitled

a guest
Feb 26th, 2019
<h1 class="headline">Mitigating Personal Information Exposure on The Web</h1>
<section class="content">
<h1 class="header">Content</h1>
<ol>
<li><a href="#intro">Introduction</a></li>
<li><a href="#Users">Account access caused by users</a>
<ul>
<li><a href="#Users1">2.1</a></li>
<li><a href="#Users2">2.2</a></li>
<li><a href="#Users3">2.3</a></li>
</ul>
</li>
<li><a href="#Company">Account access through company systems</a>
<ul>
<li><a href="#Company1">3.1</a></li>
<li><a href="#Company2">3.2</a></li>
</ul>
</li>
<li><a href="#Graphical">Graphical Passwords</a></li>
<li><a href="#Conclusion">Conclusion</a></li>
<li><a href="#ref">Reference List</a></li>
</ol>
</section>
<main>
<h2 id="intro">Introduction</h2>
<p>This review discusses password security in depth. There are many cases
of poor password security that have led to people being hacked or having
personal information leaked on to the web. I will base this review on the
issues preventing increased password security and then discuss methods or
solutions for those issues.</p>
<h2 id="Users">Account access caused by users</h2>
<p id="Users1">Many users cause their own information to be leaked by putting
minimal effort into their own password security. Sometimes the issue comes
from being uneducated about cyber security. One case states that this issue
occurs more often with elderly people (Pfleeger, 2010, p.597), because
technology has changed and developed a lot over the years. Pfleeger also
argues that people know how easily password breaching can happen and what
the consequences are, but do not want to put in the extra effort to take
appropriate measures. Examples are using the same password for multiple
websites, not filling in optional security questions and not making a
complex password. Poor protection measures like these can let someone hack
even higher-security websites by stealing information from lower-security
websites that may have similar information or passwords stored on them.
</p>
<p id="Users2">Pfleeger (p.598) discusses a possible solution for the lack of
people implementing good e-safety: teach kids early and then trust them to
do it on their own. When this was practised in public, a report from Ofsted
said “the provision for e-safety was outstanding” and that it helped kids gain
good security skills from a young age. It also helped them to practise this in
unsupervised situations. This approach is more likely to give better results
than making it compulsory for the public to practise correct protection
measures, because compulsion could have a negative effect on people, such as
removing freedom from the public.
</p>
<p id="Users3">One study proposed a method to deal with situations such as
password reuse (Jeffrey L. Jenkins 2013, p.196). Jenkins came up with a
hypothesis using just-in-time fear appeals: if password reuse is detected, a
just-in-time fear appeal pops up to scare the user into taking the time and
effort to make a different and more secure password. Jenkins' findings state
that 88.41% of users made their password unique after receiving a
just-in-time fear appeal. An approach like this would be likely to affect the
section of the public that does not care much about password protection, or
people who procrastinate, as it signifies how important making a secure
password is and that you can be hacked at any time.
</p>
<h2 id="Company">Account access through company systems</h2>
<p id="Company1">Other studies argue that it is not always the user's fault.
Some systems are built in a way that makes it easy for a hacker to gain
access. One study (Gauvin, verse 1) discusses how easy it is to use
“forgotten password” to gain access to an account. If a hacker uses the
forgotten password link that a website would have, there would be security
questions such as “what is your mother’s maiden name?”. They could find this
information through places such as social media, where a person can look up
people’s relationships, find their mother and find her maiden name. Doing
this would give them access to the account with minimal effort.
</p>
<p id="Company2">Gauvin presents an invention (verse 15-16) that considers
social media and other ways of accessing your information when making an
account. When the user sets up security questions, it notifies the user of
the level of risk based on the amount of information available about the
user on the web. Based on this, it will take actions such as notifying the
user through another method, requesting more verification or even blocking
the forgotten password transaction. This idea for an invention would also
make a user’s accounts more protected against other hacking methods, such as
making phone calls to the company, that require information a hacker could
easily access through other sources on the internet.
</p>
<h2 id="Graphical">Graphical passwords</h2>
<p>One method that can improve password security is graphical passwords.
A graphical password is an authentication system where the user selects from
images in a certain sequence presented by an interface. However, there is
disagreement in the community on whether graphical passwords are better than
normal passwords where you type in characters. One source
(Lashkari, et al., 2009, p.145) states that graphical password schemes are
more vulnerable to shoulder surfing than alphanumeric text passwords. Shoulder
surfing is a social engineering tactic where someone spies on a person
inputting important information such as passwords or ID. Another article
argues that graphical passwords are better than alphanumeric passwords.
This article researches how easy it is for people to memorise graphical
passwords compared to alphanumeric ones and how secure they are against
shoulder surfing. In a laboratory experiment, 20 participants had to shoulder
surf basic passwords, PassFace with a mouse and PassFace with a keyboard
(Tari, et al., p.56); PassFace is a graphical password interface.
Tari shows evidence from the experiment (p.62) in the form of a table
suggesting that PassFace with a mouse is the most memorable on average, while
dictionary and non-dictionary alphanumeric passwords are easier to hack than
PassFace.
</p>
<h2 id="Conclusion">Conclusion</h2>
<p>To sum up the discussion above, there are many ways for hackers to get into
a user’s account; however, more methods and inventions for systems are coming
out. Teaching kids proper e-safety would seem to be a very good method to
mitigate personal exposure, but only in the long term, as it does not affect
the current adults in society. Graphical passwords also seem like they could
be a major help, but more evidence is required before justifying their usage.
This is because of the amount of effort the user will put into taking
appropriate measures. The methods would need to come in a version that is
simple and efficient for any user, to reach the part of the public that puts
minimal effort into security.</p>
<h2 id="ref">References</h2>