University Assignment: PICT311 - Password and Authentication Analysis

Verified

Added on 2022/11/09

AI Summary

This report provides a comprehensive review of password security, focusing on the challenges posed by imperfect authentication methods. It delves into the historical development of passwords, their vulnerabilities, and the evolution of security measures like password managers, graphical passwords, and biometrics. The analysis examines various attack vectors, including phishing and the exploitation of weak security policies. The report also discusses the importance of cyber hygiene, security posture, and the need for robust security policies to mitigate risks. It covers topics such as mass surveillance, censorship, and best practices for maintaining a secure digital environment. The author critiques the use of passwords and discusses the various methods used to protect them, along with providing suggestions for improving password security and protecting against threats. The paper highlights the critical need for continuous adaptation and improvement in authentication to combat evolving cyber threats and protect user accounts.

Running head: pict311
pict311
Name of the Student
Name of the University
Author note

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

1pict311
Passwords and evaluation of Imperfect Authentication
Introduction
There are lots of users whose passwords are hacked because of the 8use of several
imperfect technologies. Passwords can be influenced by the human computer interaction for the
last fifty years. That is why the developers need to develop some user friendly software. many of
the research papers are basically focused on the exact issues that can be easily classified but not
have a great influence on the real world problems. It can be easily understand the entire
authentication and contribution of passwords that is needed to know the situation of today.
Passwords were developed by the developer at the time of 1960 (Arachchilage and Love 2013:
5). It is mainly for the accessing the time framed computers. Many of the practices have survived
with little amount of modifications. It is giving an unpredictable environment related to this. Two
models are selected that can still within the latest password literature. First one is the random
user. It gives the passwords not in a formal way and in independent manner. It is resulted in the
security against the encourage and guess of several procedures aim at the sophiscated users. The
motivation of published research on clean exact problems has caused the neglect of the huge
complexity of real-world Web authentication (Arachchilage and Love 2014:6). This wrong
motivation continues to search the applicability of password research to the practice.

2pict311
Article Critique
This article enables the readers that importance of the passwords for security issues. The
author conveys several sharing operating systems in the year 1960. It is also said that passwords
are integrate against several practical jokes and also resources that can be very much authorized.
It is also told that there was a Time sharing system at MIT that can first developed the
passwords. Many issues related to this were reported. It is also mentioned that it was an
unencrypted system. That is why anything inside this is not secure. The author tried to say that
designing of several access controls in MULTICS and UNIX in the 1970s passwords are sorted
by using hashed form. But these systems are also unsecured. It is the main reason for causing the
phishing attack (Aleroud and Zhou 2017: 1). The authors are able to communicate about the web
based e-commerce systems that can able to store the passwords by using hash methods. This
article also discusses clearly about the implementation of Secure Socket Layer. By using the
phishing attacks the attacker can able to guess thee passwords in several ways. By using this type
attack the attacker can able to crack all the login credentials of the user. The author discusses that
the current password replacement policies. In this portion it is mentioned that there are the
alternative of thirty five proposed passwords methodology by using the twenty-five comparison.
The developer can use the password managers (Chhikara et al. 2013:6). It is the software that can
remember and automatically typed the passwords that is yield insight. It is able to improve the
usability as well as security in some common case. But these are very much challenging to get all
the agents of the consumers. This problem can be solved by several kinds of graphical password
policy. The author tries to convey that they are providing some policies related to thee biometry.
It will protect the unauthorized framework for authentication of software. Fraudsters want to
implement the digital presentations of the fingerprints as well as iris patterns. The author of this

3pict311
article also mentioned that there are some hardware tokens that can implement this type of
things. It can be used to access the passwords for a single time. It is also elaborated in single sign
on protocols that can be able to satisfy all the criteria as well as inertia that can be a problem for
resolve (Jansson and von Solms 2013:7). This method can able to replace the previous password
entirely. The author gives some suggestion related to use of passwords. The consumer should use
the different password for different account. It will reduce the chance of password hacking. The
consumer must avoid the personal information and should not write it down in any places. It
causes the unrealistic burden. These suggestions can able to reduce the threats of using several
different kinds of passwords. The author also able to provide security advice that is really
helpful; for the account holders. It has the ability to reduce the risk in exponential manner. The
author also said that the executing a computer having no malware is a very important
methodology. It is a very challenging and it is avoided in the favor of the device of password. It
is very simple to make a clear conception but it is not so important. The author also mentioned
that the consumer should not repeat the passwords for multiple portals (Priyan aet al. 2015:4).
The author also mentioned that the industry has to sufferer a lot for modifying the passwords.
The different techniques that can solve the problem very easily the phishing problem can be
used. It involves several cryptographic policies that for preventing the spoofing in its domain. It
also provides some little changes to every email that is used for well-known patterns
(Vishwanath 2015:3). This cost is very much lesser than any kind of methodologies followed by
several consumers.
In the procedure of authentication of several cases this techniques can able to solve the
password hacking methodology (Lee et al. 2014:5). The author of the article stated that, in case
of banking sector there are huge numbers of technologies are available that are not accurate in

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

4pict311
nature. The credit card numbers can be a secret matter for bank. But the attacker can able to
attack the server of that bank by using this kind of attacks. Sometimes the PIN number of ATM
cards of the consumers can be hacked by the intruder. For that reason the banks must provide
several cryptographic tools to resolve this matter.
Conclusion
This article provides a clear literature review concerning the loss of the passwords from
the consumer account. This article clearly states regarding the various old mechanisms of
generating the passwords. The author also illustrates that how much insecure the old system was.
But this article does not discuss much regarding the phishing attack. The author states regarding
the various cryptographic policy that can be used to protect the password. From the above
discussion it can concluded that this article not very much useful for phishing but very useful for
the protection of passwords.

5pict311
Bibliography
Arachchilage, N.A.G. and Love, S., 2013. A game design framework for avoiding phishing
attacks. Computers in Human Behavior, 29(3), pp.706-714.
Arachchilage, N.A.G. and Love, S., 2014. Security awareness of computer users: A phishing
threat avoidance perspective. Computers in Human Behavior, 38, pp.304-312.
Aleroud, A. and Zhou, L., 2017. Phishing environments, techniques, and countermeasures: A
survey. Computers & Security, 68, pp.160-196.
Chhikara, J., Dahiya, R., Garg, N. and Rani, M., 2013. Phishing & anti-phishing techniques:
Case study. International journal of advanced research in computer science and software
engineering, 3(5).
Jansson, K. and von Solms, R., 2013. Phishing for phishing awareness. Behaviour & information
technology, 32(6), pp.584-593.
Lee, L.H., Lee, K.C., Chen, H.H. and Tseng, Y.H., 2014, November. Poster: Proactive blacklist
update for anti-phishing. In Proceedings of the 2014 ACM SIGSAC Conference on Computer and
Communications Security (pp. 1448-1450). ACM.
Priyan, M.K., Nath, C.G., Balan, E.V., Prabha, K.R. and Jeyanthi, R., 2015, May. Desktop
phishing attack detection and elimination using TSO program. In 2015 International Conference
on Smart Technologies and Management for Computing, Communication, Controls, Energy and
Materials (ICSTM) (pp. 198-201). IEEE.

6pict311
Vishwanath, A., 2015. Examining the distinct antecedents of e-mail habits and its influence on
the outcomes of a phishing attack. Journal of Computer-Mediated Communication, 20(5),
pp.570-584.
Ramanathan, Venkatesh, and Harry Wechsler. "Phishing detection and impersonated entity
discovery using Conditional Random Field and Latent Dirichlet Allocation." Computers &
Security 34 (2013): 123-139.
Yu, M., Liu, C., Qiu, X. and Zhao, S., 2013. Modelling and analysis of phishing attack using
stochastic game nets.