- <!DOCTYPE html>
- <html lang="en" dir="ltr">
- <head>
- <meta charset="utf-8">
- <link rel="stylesheet" title="MywebsiteStyle" href="mywebsitestyle.css" type="text/css">
- <title>Literature Review</title>
- </head>
- <body>
- <nav class="topnav">
- <a href="index.html">Home</a>
- <a href="literaturereview.html">Literature review</a>
- <a href="discoverylog.html">Discovery Log</a>
- </nav>
- <h1>Mitigating Personal Information Exposure on The Web</h1>
- <div class="content">
- <h1>Content</h1>
- <ol>
- <li><a href="#intro">Introduction</a></li>
- <li>
- <p class="normal"><a href="#Users">Account access caused by users</a></p>
- <ul>
- <li><a href="#Users1">2.1</a></li>
- <li><a href="#Users2">2.2</a></li>
- <li><a href="#Users3">2.3</a></li>
- </ul>
- </li>
- <li>
- <p><a href="#Company">Account access through company systems</a></p>
- <ul>
- <li><a href="#Company1">3.1</a></li>
- <li><a href="#Company2">3.2</a></li>
- </ul>
- </li>
- <li><a href="#Graphical">Graphical Passwords</a></li>
- <li><a href="#Conclusion">Conclusion</a></li>
- <li><a href="#ref">Reference List</a></li>
- </ol>
- </div>
- <main>
- <h2 id="intro">Introduction</h2>
- <p>This review discusses password security in depth. Many cases show a
- lack of proper password security, leading to a significant number of cases
- where people have been hacked or had personal information leaked onto the web.
- I will base this review on the issues that prevent better password security
- and then discuss methods or solutions for those issues.</p>
- <h2 id="Users">Account access caused by users</h2>
- <p id="Users1">Many users cause their own information to be leaked because they
- put minimal effort into their own password security. Sometimes the issue
- comes from being uneducated about cyber security. One case states that this
- occurs more often with elderly people (Pfleeger, 2010, p.597), because
- technology has changed and developed a lot over the years. Pfleeger also
- argues that people know how easily a password breach can happen and what
- the consequences are, but they do not want to put in the extra effort to
- take appropriate measures. Examples include using the same password for
- multiple websites, not filling in optional security questions and not
- making a complex password. Poor protection measures like these can let
- someone hack even higher-security websites by stealing information from
- lower-security websites that may store similar information or passwords.
- </p>
- <p id="Users2">Pfleeger (p.598) discusses a possible solution for the lack of people
- implementing good e-safety: teach kids early and then trust them to do it on
- their own. When this was practised in public, a report from Ofsted said
- “the provision for e-safety was outstanding” and that it helped kids gain
- good security skills from a young age. It also helped them to practise this in
- unsupervised situations. This approach would be more likely to provide better
- results than making it compulsory for the public to practise correct
- protection measures, because compulsion could have a negative effect on people
- in ways such as removing freedom from the public.
- </p>
- <p id="Users3">One study proposed a method for dealing with situations such as password
- reuse (Jeffrey L. Jenkins 2013, p.196). Jenkins put forward a hypothesis using
- just-in-time fear appeals: if password reuse is detected, a just-in-time fear
- appeal pops up to scare the user into taking the time and effort to make a
- different and more secure password. Jenkins's findings state that 88.41% of
- users made their password unique after receiving a just-in-time fear appeal.
- An approach like this would be likely to affect the section of the public that
- does not care much about password protection, or people who procrastinate, as
- it signals how important making a secure password is and that you can be
- hacked at any time.
- </p>
- <h2 id="Company">Account access through company systems</h2>
- <p id="Company1">Other studies argue that it is not always the user's fault. Some systems are
- built in a way that makes it easy for a hacker to gain access. One study
- (Gauvin, verse 1) discusses how easy it is to use “forgotten password”
- to gain access to an account. If a hacker uses the forgotten password link
- on a website, they are asked security questions such as “what is your
- mother’s maiden name?”. They could find this information through places such
- as social media, where a person can look up people’s relationships, identify
- their mother and find her maiden name. Doing this would give them access to
- the account with minimal effort.
- </p>
- <p id="Company2">Gauvin presents an invention (verse 15-16) that considers social media and
- other ways of accessing your information when you make an account. When the
- user sets up security questions, it notifies them of the level of risk
- based on the amount of information available about the user on the web. Based
- on this, it will take actions such as notifying the user through another
- method, requesting more verification or even blocking the forgotten password
- transaction. This idea for an invention would also make a user’s accounts more
- protected against other hacking methods, such as making phone calls to the
- company, that rely on information the hacker could easily access through other
- sources on the internet.
- </p>
- <h2 id="Graphical">Graphical passwords</h2>
- <p>One method that can improve password security is graphical passwords.
- A graphical password is an authentication system where the user selects
- images, in a certain sequence, from those presented by an interface. However,
- there is disagreement in the community on whether graphical passwords are
- better than normal passwords where you type in characters. One source
- (Lashkari, et al., 2009, p.145) states that graphical password schemes are
- more vulnerable to shoulder surfing than alphanumeric text passwords. Shoulder
- surfing is a social engineering tactic where someone spies on a person
- inputting important information such as passwords or ID. Another article
- argues that graphical passwords are better than alphanumeric passwords.
- This article researches how easy it is for people to memorise graphical
- passwords compared to alphanumeric ones and how secure they are against
- shoulder surfing. In a laboratory experiment, 20 participants had to
- shoulder surf basic passwords versus PassFace, a graphical password interface,
- used with a mouse and with a keyboard (Tari, et al., p.56).
- Tari shows evidence of the experiment (p.62) in the form of a table suggesting
- that PassFace with a mouse is the most memorable on average, while dictionary
- and non-dictionary alphanumeric passwords are easier to hack than PassFace.
- </p>
- <h2 id="Conclusion">Conclusion</h2>
- <p>To sum up the discussion above, there are many ways for hackers to get into a
- user’s account; however, more methods and inventions for systems are coming
- out. Teaching kids proper e-safety would seem to be a very good method to
- mitigate personal exposure, but only in the long term, as it does not affect
- the current adults in society. Graphical passwords also seem like they could
- be a major help, but more evidence is required before justifying their usage.
- This is because of the amount of effort the user will put into taking
- appropriate measures. The methods would need to come in a version that is
- simple and efficient for any user, in order to reach the part of the public
- that puts minimal effort into security.</p>
- <h2 id="ref">References</h2>
- <ul>
- <li><a href="https://www.sciencedirect.com/science/article/pii/S0167404811001659">
- Shari Lawrence Pfleeger, Deanna D. Caputo. (2012). Leveraging behavioral science to mitigate cyber security risk
- </a>
- </li>
- <li>Arash Habibi Lashkari, Samaneh Farmand, Dr. Rosli Saleh, Dr. Omar Bin Zakaria. (2009). Shoulder Surfing attack in graphical password authentication
- Referenced from:
- <a href="https://arxiv.org/ftp/arxiv/papers/0912/0912.0951.pdf">
- https://arxiv.org/ftp/arxiv/papers/0912/0912.0951.pdf
- </a>
- </li>
- <li>William Gauvin. (2011). Techniques for mitigating forgotten password attacks
- Referenced from:
- <a href="https://patents.google.com/patent/US8555357B1/en">
- https://patents.google.com/patent/US8555357B1/en
- </a>
- </li>
- <li>
- Jeffrey L. Jenkins, Mark Grimes, Jeffrey Gainer Proudfoot, Paul Benjamin Lowry. (2013). Improving Password Cybersecurity Through Inexpensive and Minimally Invasive Means: Detecting and Deterring Password Reuse Through Keystroke-Dynamics
- Monitoring and Just-in-Time Fear Appeals
- Referenced from:
- <a href="https://www.tandfonline.com/doi/abs/10.1080/02681102.2013.814040">
- https://www.tandfonline.com/doi/abs/10.1080/02681102.2013.814040
- </a>
- </li>
- <li>Furkan Tari, A. Ant Ozok, Stephen H. Holden. (2006). A Comparison of Perceived and Real Shoulder-surfing Risks between Alphanumeric and Graphical Passwords
- Referenced from:
- <a href="http://cups.cs.cmu.edu/soups/2006/proceedings/p56_tari.pdf">
- http://cups.cs.cmu.edu/soups/2006/proceedings/p56_tari.pdf
- </a>
- </li>
- </ul>
- </main>
- </body>
- </html>