LITERATURE REVIEW PART 2
Introduction
This literature review discusses how the mismanagement of information on various information management platforms affects the security of data. Passwords form an essential part of individuals’ lives in today’s technological world. Given the ever-increasing storage of information in online databases and secured internet databanks, this information needs to be protected from malicious hackers. This review focuses mainly on assessing the various works regarding password protection and data security or encryption.
Password protection of systems is aimed at protecting the information stored in them. This information could include financial records, transaction records, or private and confidential information such as patient hospital records. To prevent external parties from gaining unwanted or unwarranted access, the use of security features like passwords and verification procedures is vital in keeping a system trusted. This brings us to the investigation of how and why different individuals choose different keywords when selecting the passwords that protect their online information, and how some end up managing security policies poorly (Gupta & Sharman, 2009).
Each individual’s choice of password depends on various factors that will be highlighted in this paper. These may range from one’s level of technical know-how or educational background to their IQ or rate of memorability. Understanding the importance of maintaining a strong password encryption system goes a long way in ensuring that the system is not susceptible to cybercriminals because of poor password management within an organization. Enhanced security features on every organizational gadget, together with a well-fortified and synchronized database store, provide an open environment for free and liberal information auditing by information technology experts.
The arguments brought forth by different authors regarding the importance of a good password support the notion that each person is solely responsible for managing their individual passwords. Users should be aware of the ways and methods for creating strong passwords by keeping themselves informed, and should minimize their ignorance of password characterization, for instance, special keys and characters like ##, $, * among many others.
In the article Passwords Usage and Human Memory Limitations: A Survey across Age and Educational Background, the commentary emphasizes how an individual’s choice of password hinges on their knowledge level or general educational background and experience with technology (Pilar, Jaeger, Gomes, & Stein, 2012). The study of the procedural utilization of PINs and the restrictions on using passwords aids in identifying the consequence of regularly exchanging passwords. Different age groups tend to use different passwords; that is, a younger person, in the age bracket of 13 years and below, is likely to choose a weaker password compared to one above that age bracket. Similarly, older people are likely to forget their passwords if they possess many of them, given their weak memorability (Pilar, Jaeger, Gomes, & Stein, 2012). Additionally, a more quick-witted person is more likely to set an appropriate or strong password given their experience and knowledge.
The management of passwords also depends on the methodologies and approaches used in developing and designing memorable passwords for an organization’s system. For instance, the alphanumeric, self-generated, face and character-symbol techniques, among others, all explain the significance of practicing the use of alternative password systems to enhance the memorability of the organization’s system (Ostojic & Phillips, 2009). Self-generated passwords and randomly generated alphanumeric passwords both offer improved platforms for creating very strong encryption keys for any system.
The verification, authentication and validation procedures in any given system ought to vary widely, even offering the expected end users of the system comprehensive optional password recovery approaches in case they lose or forget their passwords. For example, the United States Department of Defense (DoD) Password Management Guideline, the Green Book, which was printed in 1985, reports on the susceptibility of system passwords on a computerized or automated data processing (ADP) system to security dangers. The report subsequently stressed the importance of user identifications being revalidated occasionally (Cheswick, 2013). The password scheme for an automated system should follow the 8 and 13 character computerized password generation system.
Furthermore, individuals have been advised of the significance of implementing stronger security features on mobile platforms. Mobile phones, mainly smartphones and tablets, form a vital part of human involvement and interaction with technological systems. Since phones are the most accessible and most privately owned gadgets in the technological world, they have to be well guarded and secured against data theft or fraud, for example, identity theft. Mobile phone end users are concerned with the need for increased and improved data security or protection, since the present form of protection, that is, PIN usage, has proven to be less secure. The proposed method for data protection on mobile phones takes a more unconventional approach, that is, the two-level security model. This model typically provides varied or differential data protection for mobile phone users by exploiting the prevailing capabilities of a smartphone for validating the respective users (Ben-Asher, Kirshchnick, Sieger, Meyer, Ben-Oved & Möller, 2011). This might involve the utilization of a specified graded security and biometric security system.
Research has also proven that practicing a high level of password modeling goes a long way in setting appropriate and rationalized security measures within an organization’s technical system. In the article on practicing rational security, the authors explain the diverse security performances by taking a sample of three groups comprising computer scientists, students and administrative staff. The reading emphasizes the importance of understanding appropriate password guidelines and subsequently explains how the different groups of individuals are likely to select their choice of password given their technical know-how. The article further discusses and clarifies how the level of password security depends on various external and internal constraints. For example, a computer guru (scientist) is more likely to use password security in conducting any work project, since programmers comprehensively understand the need for information or data security (Gehringer, 2002).
The problem statement of this research focuses mainly on the poor protection and safekeeping of information. Peer-reviewed articles give one insight into the articulated scientific need for protecting information. This is backed up by scholarly research in fields and disciplines related to the utilization of passwords in information technology (Cohen, 2009). The policies and strategies used in information systems depend on the mechanisms applied in managing the information. Different people tend to have their own specific approaches, practices and behavior with regard to password creation. Thus, a computer programmer’s password is likely to differ from that of a common farmer or student. As a result, it is possible to test the best alternative method of generating passwords via the guidelines. This forms a significant part of the password verification process by providing facts on how to create difficult passwords via schemes that lessen information system insecurity (Shay, 2007).
Password management is supposed to be an integral part of the authentication process for all individuals logging in to an organization’s technical system. The technical approaches and methodologies undertaken in any process establish which methodology design is to be implemented in creating authentic passwords. Thus, the techniques chosen should be those that offer a more positive and viable approach towards developing password guards for information system users. The components involved in the methodology process should always involve the end user requirements, from the start of the password design or development through to the program implementation and execution phase.
These activities protect users’ or private consumers’ data and information from unwarranted access on any organization’s online system platform. This includes both wired and wireless networks. A wired network has an easy configuration that supports a simple but strong password security system. Conversely, wireless networks tend to be open in an environment, making them prone to intrusion. Any organization whose system is accessible wirelessly over the network ought to invest in securing the wireless communication channels for its systems. Learning how to keep the network secure establishes a strong foundation for maintaining a consistent security system for the organization’s information and data. Therefore, a system having appropriate use case models sets the parameters for each scenario for all the users that are supposed to use the system (Belapurkar, 2009).
New research reveals that a fundamental absence of Information Technology (IT) security awareness, mostly in the capacity and knowledge of privileged logins and password control, potentially poses a great threat to the safeguarding of information and data by facilitating constant data breaches (research conducted by the Lieberman Software Corporation). A survey carried out in 2011 on the usage and poor management of passwords showcased a number of security deficiencies. There was poor management of security keys among IT professionals, compounded by a general laziness about creating appropriately strong and heavily encrypted password security among the organization’s senior management team. Additionally, in the research conducted, more than a quarter of the 300 surveyed IT experts alleged they were aware of an IT staff associate abusing restricted login information by accessing private and sensitive information within the business entity (Gehringer, 2002).
The dangers of utilizing weak PINs are apparent in current online events, given the testimonies of the many online individuals who fall victim to identity theft and other forms of online cybercrime. Malicious computer operators, or hackers, frequently have computerized and automated software platforms that are capable of pulling information about the different users on the various internet browsing platforms. These programs aid them in obtaining information such as passwords, even those designed and developed in other languages.
In most big companies, the technical system managers tend to store the numerous existing passwords in an Excel worksheet or database. This file is usually accessible to all individuals within that particular corporation by means of a shared networked file sharing methodology. This is a practical approach that saves time that would otherwise be wasted verbally conveying the passwords to each individual. Plus, it has proven to be cost-effective. The flipside of this method is that it might result in key security difficulties, since everyone within the business environment has permission to access all the passwords (Gupta & Sharman, 2009).
However, this approach does not give room for any accountability, since troubleshooting a security breach can prove to be very difficult. For instance, the sharing of passwords amongst the IT personnel can similarly lead to the leakage of information through the exploitation of the shared passwords. Thus, this poor management approach and the ignorance of the general working staff result in the loss of responsibility or liability, while disadvantaging any big organization’s sensitive information by leaving its network open and vulnerable to outsiders or intrusive hackers (Powell, 2006).
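One way to surface the accountability gap described above, as an added example that is not part of the original review: the script flags accounts whose successful logins arrive from several workstations within a short window, a common sign that one password is being shared. The log format, account names and host names are constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample authentication log: timestamp, account, source host, result.
SAMPLE_LOG = """\
2011-03-01T09:00:05 svc-backup ws-017 SUCCESS
2011-03-01T09:02:41 svc-backup ws-042 SUCCESS
2011-03-01T09:03:10 jdoe ws-017 SUCCESS
2011-03-01T09:04:55 svc-backup ws-113 SUCCESS
2011-03-01T09:05:30 asmith ws-042 FAILURE
2011-03-01T13:30:00 jdoe ws-017 SUCCESS
2011-03-01T18:45:12 asmith ws-042 SUCCESS
2011-03-02T08:15:00 asmith ws-090 SUCCESS
"""

def parse(log_text):
    """Yield (time, account, host) for successful logins; skip malformed lines."""
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4 or parts[3] != "SUCCESS":
            continue
        try:
            when = datetime.fromisoformat(parts[0])
        except ValueError:
            continue
        yield when, parts[1], parts[2]

def find_shared_accounts(log_text, window=timedelta(minutes=30), min_hosts=2):
    """Return {account: hosts} for accounts used on >= min_hosts hosts within `window`."""
    by_account = defaultdict(list)
    for when, account, host in parse(log_text):
        by_account[account].append((when, host))

    flagged = {}
    for account, events in by_account.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            # Advance the left edge until the span fits inside the window.
            while events[end][0] - events[start][0] > window:
                start += 1
            hosts = {h for _, h in events[start:end + 1]}
            if len(hosts) >= min_hosts:
                flagged.setdefault(account, set()).update(hosts)
    return {a: sorted(h) for a, h in flagged.items()}

if __name__ == "__main__":
    for account, hosts in find_shared_accounts(SAMPLE_LOG).items():
        print(f"{account}: concurrent use from {', '.join(hosts)}")
```

The report shows that a credential is in use from several places at once but cannot say who typed it, which is exactly the attribution a shared password removes.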
Human beings form the most important part of a computer system and its security by providing the super-user entity with the ultimate administrative permissions. Conversely, humans can be compromised; the combination of shared bad habits with the cumulative occurrences of cyber espionage is lethal to most enterprises, mainly if malicious hackers study the authorizations and identify a super-user account within the system. I believe that administrations should not only think about the system back-end threats, but also should look into the techniques that can be utilized in locking down weaknesses in the system. These are the flaws that attackers and online system hackers target and use as leverage to obtain and access credentials from the browser-side access points (Gupta & Sharman, 2009).
Another form of password mismanagement concerns the passwords and stored user names from web browser sessions, which usually remain accessible in the verification cache. This leaves them highly exposed to malware. Thus, implementing secure channels, involving an encrypted web browser session for all the employees and prospective customers who use the organization’s system, is the paramount way to safeguard the data in the company’s databases. Various actions can be taken to confront poor password management among an organization’s staff. These include activities such as abiding by the rules and set policies for utilizing organizational data. High-tech procedures ought to be followed in the creation of strong passwords, for example, by making use of good online password managers. Reviews from big data security companies that aim at administering strong organization-wide controls also go a long way in preventing any leakage of company information to external entities (Powell, 2006).
Conclusion
Notably, the poor management of passwords has proven to be fatal to certain organizations around the world. Some of the factors that propel poor password management involve simple ignorance of usage policies or a failure to provide information to the IT department regarding security issues. Company employees who ignore simple system messages regarding security, for example, the alert message to change one’s password, are the most common authentication flaw a system can have. In the current world economy, online customer information, for instance, customer credit card information, has proven to be powerful and expensive.
Conversely, company managers ought to be wary of all the users that access the system, especially the IT professionals and other staff that have access to significant password information. This should be done to prevent the mismanagement of passwords from compromising the security of an organization’s online account system and all the important information and vital data stored on various electronic gadgets. For instance, when employees from one company change jobs, the rights and permissions to certain data and information are to be changed or reset to avert network intrusion.
References
Pilar, D., Jaeger, A., Gomes, C. A., & Stein, L. (2012). Passwords Usage and Human Memory Limitations: A Survey across Age and Educational Background.
Cheswick, W. (2013). Rethinking Passwords. Communications of the ACM, 56(2), 40-44.
Powell, J. (2006). How security breaches impact your brand. Enterprise Systems, 31 October.
Gehringer, E. (2002). Choosing passwords: security and human factors. 2002 International Symposium on Technology and Society.
Information Resources Management Association. (2007). International journal of information security and privacy. Hershey, Pa: IGI Global.
Belapurkar, A. (2009). Distributed systems security: Issues, processes, and solutions. Chichester, UK: John Wiley & Sons.
Gupta, M., & Sharman, R. (2009). Social and human elements of information security: Emerging trends and countermeasures. Hershey, PA: Information Science Reference.
Tam, L., Glassman, M., & Vandenwauver, M. (2010). The Psychology of Password Management: A Tradeoff between Security and Convenience. Behavior & Information Technology, 29(3).
Ben-Asher, N., Kirshchnick, N., Sieger, H., Meyer, J., Ben-Oved, A., & Möller, S. (2011). The need for different security methods on mobile phones. MobileHCI.
Shay, R. (2007). Encountering Stronger Password Requirements. Passwords, 3-20. http://users.ece.cmu.edu/~mmazurek/papers/soups2010-passwords.pdf
Ostojic, P., & Phillips, J. (2009). Memorability of alternative password systems. International Journal of Pattern Recognition and Artificial Intelligence.