ANNOTATED BIBLIOGRAPHY AND JOURNAL SYNOPSIS
CHARLES STURT UNIVERSITY
ITC571 – EMERGING TECHNOLOGIES AND INNOVATION
TIMOTHY SIHLE NTSHOTSHO
Assignment Item 3: Annotated Bibliography and Journal Synopsis
Article 1
Walker, D. (2021). The top 12 password-cracking techniques used by hackers. Retrieved from https://www.itpro.co.uk/security/34616/the-top-password-cracking-techniques-used-by-hackers
This article discusses the dated technique of authenticating computer users by password and points out flaws and ways in which passwords can be compromised. It also points out how a leaked password became one of the biggest cybersecurity compromises, referring to the SolarWinds compromise, at the center of which was a weak, easy-to-guess password. Studies also back this assertion about weak passwords, noting the prevalent use of weak passwords by users, a recent finding from the NCSC. The article also suggests that a layered-security approach, such as biometrics or a one-time pin, may help remedy the nightmare cybersecurity professionals face daily. It also looks at common methods of harvesting user credentials, which span from email phishing
Article 2
Kenny, L. (2020). Password Cracking Is Easy: Here’s How to Do It. Retrieved from https://kennymuli.medium.com/password-cracking-is-easy-heres-how-to-do-it-875806a1e42a
This article highlights methods of decrypting or cracking computer passwords. It points to the ease with which passwords can be cracked and, from this, to the importance of ensuring that passwords are strong and that users do not take password secrecy for granted. The article discusses methods such as brute-forcing passwords; simply put, an attacker tries different password combinations with the aim of gaining unauthorized access to the system. The password-guessing technique is, of course, guided by known parameters such as the length of the password and lists of known weak passwords. It also discusses the secure way of storing passwords, ideally in a non-reversible form called hashing, and points out that storing passwords in plain text would simply mean the attacker can copy and paste them after compromising the system which houses them, whereas when passwords are hashed, the attacker would still need a matching hash value.
Article 3
Ahola, M. (2021). The Role of Human Error in Successful Cyber Security Breaches. Retrieved from https://blog.usecure.io/the-role-of-human-error-in-successful-cyber-security-breaches
As a prelude, the author discusses a basic human phenomenon, i.e., no one is perfect, and relates this to information systems security. The article discusses the errors commonly made by human beings as they interact with information systems. It points out two fundamental ways in which human error may result in a cyber security breach. The first: due to a lack of skill or knowledge, a user may unwittingly download malware or send confidential information to users who are not authorized to access it; here the article refers to Verizon’s 2018 report. The article also highlights weak passwords, or the use of the same password on different accounts, due to user fatigue and the general demands of life. The other phenomenon the article points out is the skill-based error, that is, a user may circumvent the security controls in place so that they can complete their tasks, or a culmination of minor errors could ultimately result in a security breach. Lastly, the article points out sources of human error, such as opportunity, environment, and lack of awareness.
Article 4
Constantin, L. (2021). Hashing explained: Why it's your best bet to protect stored passwords. Retrieved from https://www.csoonline.com/article/3602698/hashing-explained-why-its-your-best-bet-to-protect-stored-passwords.html
The article discusses the need to store sensitive information in a non-reversible form called hashing; this sensitive information includes the passwords commonly used for authentication. The article also looks at the dire repercussions of storing sensitive information in plaintext, which presents an opportunity to malicious users with no need to decrypt the information. The article also discusses why hashing is the preferred method of storing passwords: the hash is a one-way function and cannot be reversed, unlike encryption, which uses an encryption key and an algorithm to produce ciphertext that can be decrypted again. As highlighted above, the article disapproves of using encryption as a form of storing passwords and refers to the Adobe case, where a server was used to store passwords encrypted with the Triple-DES algorithm. The simple argument the article makes is that stolen password ciphertexts can be decrypted provided the attacker obtains the key or exploits known vulnerabilities in the algorithm, while the hash function is irreversible. Lastly, the article concludes by adding another layer of protection, called salt and pepper, to ensure greater hash resilience against possible rainbow table attacks. The technique involves adding a random string to a user’s password to make the hash value unique even if the password is commonly used by other users.
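The storage schemes contrasted in Articles 2 and 4 (plain hashing versus salted, peppered hashing, and why the latter defeats precomputed tables) are illustrated in the following added example. It is written for this bibliography and is not code from either cited article. The iteration count, the pepper value, and the two sample accounts are constructed for the illustration; a real deployment keeps the pepper in a secrets manager rather than in source.

```python
import hashlib
import hmac
import os
from typing import Optional

# Constructed parameters for this illustration (not from the cited articles).
PBKDF2_ITERATIONS = 200_000
# A "pepper" is a server-side secret kept outside the password database
# (e.g. in a secrets manager). This value is a placeholder so the example
# runs offline; it is not a real secret.
PEPPER = b"example-pepper-placeholder"


def unsalted_hash(password: str) -> str:
    """Plain SHA-256 of the password with no salt.

    Identical passwords produce identical digests, so a precomputed table of
    common passwords (a rainbow table) recovers every user who chose one.
    """
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def _pepper(password: str) -> bytes:
    """Bind the password to the server-side pepper before hashing."""
    return hmac.new(PEPPER, password.encode("utf-8"), hashlib.sha256).digest()


def hash_password(password: str, salt: Optional[bytes] = None) -> dict:
    """Return a storable record: random per-user salt, iteration count and
    PBKDF2-HMAC-SHA256 digest. The password itself is never stored."""
    if salt is None:
        salt = os.urandom(16)  # 128-bit random salt, unique per user
    digest = hashlib.pbkdf2_hmac("sha256", _pepper(password), salt, PBKDF2_ITERATIONS)
    return {"salt": salt.hex(), "iterations": PBKDF2_ITERATIONS, "digest": digest.hex()}


def verify_password(password: str, record: dict) -> bool:
    """Recompute the digest with the stored salt and compare in constant time."""
    candidate = hashlib.pbkdf2_hmac(
        "sha256", _pepper(password), bytes.fromhex(record["salt"]), record["iterations"]
    )
    return hmac.compare_digest(candidate, bytes.fromhex(record["digest"]))


def compare_storage_schemes(password: str) -> dict:
    """Show what a database leak exposes under each scheme when two users
    (constructed sample accounts) pick the same common password."""
    user_a = hash_password(password)
    user_b = hash_password(password)
    return {
        # Without a salt both users' rows carry the same digest: one table
        # lookup cracks both, and the digest itself reveals password reuse.
        "unsalted_digests_match": unsalted_hash(password) == unsalted_hash(password),
        # With per-user salts the digests differ, so each row must be attacked
        # separately and a precomputed table is useless.
        "salted_digests_match": user_a["digest"] == user_b["digest"],
        "correct_password_accepted": verify_password(password, user_a),
        "wrong_password_rejected": not verify_password(password + "!", user_a),
    }


if __name__ == "__main__":
    print(compare_storage_schemes("123456"))
```

PBKDF2 is used here because it ships with the Python standard library; for new systems a memory-hard function such as scrypt (also in `hashlib`) or Argon2 raises the cost of GPU-based guessing further, which is the concern Article 10 raises about 8-character passwords.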
Article 5
Zwinggi, A., & Ogee, A. (2020). 4 reasons why passwords are becoming a thing of the past. Retrieved from https://www.weforum.org/agenda/2020/01/4-reasons-passwords-are-becoming-a-thing-of-the-past/
This article discusses the future of passwords as a form of authentication and the costs associated with maintaining this dated authentication system. The system was intended for use by business employees, and user experience was not a concern. It also highlights, among other things, how poor password management plays into the hands of cybercriminals and accounts for most data breaches. Business customers also use these systems, and the article urges efficient and effective customer interaction to promote growth and the attainment of business goals. Lastly, the article looks at the benefits of using a password-less system, such as interoperability, which would allow new and existing users to transact broadly. It looks at the possibility of reduced costs associated with maintaining the aging system and with call centers for user assistance (password recovery), including the balance between user-friendliness and password management. The authors conclude by highlighting that with no password to steal, the possibility of a cyber breach would be greatly reduced.
Article 6
Gade, N. R., & Reddy, U. G. J. (2014). A Study Of Cyber Security Challenges And Its Emerging Trends On Latest Technologies. Retrieved from https://www.researchgate.net/publication/260126665_A_Study_Of_Cyber_Security_Challenges_And_Its_Emerging_Trends_On_Latest_Technologies
The article looks at cyber security impediments, including emerging technology that may impair the confidentiality of information shared over the internet or other channels of communication. This includes commercial transactions, which constitute on average more than 60% of a business’s turnover. During these transactions, confidential information such as credit information and billing addresses is shared, which may be illegally obtained by cybercriminals. The article highlights that US companies now maintain approximately 92% of cybersecurity controls in order to be more resilient; however, they are less confident about their business partners' cybersecurity approach. The article predicts new attacks on the Android operating system, which usually runs on handheld devices, on web servers for harvesting data, and on cloud-hosted services. It also covers trends such as targeted attacks and Advanced Persistent Threats, which may be motivated by the great economic value of the target entity. Lastly, the article looks at cybersecurity controls to thwart or mitigate a potential data breach. Access control management, password management, anti-malware, and firewalls are some of the control techniques used by cybersecurity professionals.
Article 7
Lynch, M. (2017). Credential Compromise: What You Need to Know About Theft, Stuffing and Spilling and What You Can Do About it. Retrieved from https://securitytoday.com/Articles/2017/09/29/Credential-Compromise.aspx?Page=2
The article discusses several forms of user credential compromise and their repercussions, such as financial loss and reputational damage. It emphasizes that while financial loss may gravely damage the entity, reputational damage may have far-reaching consequences for the survival of the entity due to loss of confidence by its clients. The article also discusses how user credentials can be stolen and the attack vectors, including automated tools, that may follow from the breach. It also looks at the stolen credential life cycle, from the point of harvesting (using social engineering, for example), through the use of compromised systems called bots to validate the authenticity of the credentials, to the sale of the credentials on dark web markets. Lastly, the article concludes by highlighting the importance of a layered security approach, i.e., the deployment of tools to detect and thwart bots and other infiltration, including hiring a cyber professional who may give an alert in the event of the entity’s credentials being sold on the dark web.
Article 8
Meers, T. (2021). Are Passwords Obsolete? Retrieved from https://pratum.com/blog/506-are-passwords-obsolete
The article discusses the phenomenon of password replacement and highlights the constraints that have hindered its full implementation. It notes that while the replacement of passwords by password-less systems has been under discussion for decades, it is not an easy feat due to the associated costs of the replacement and the inconvenience for users. The article also acknowledges the risks of password authentication, including password management such as ensuring a strong password; however, it also notes that a strong password may mean a user writing it down or using the password on different systems, which may be more damaging to the entity’s information. The article further explores password hardening using a passphrase (a long string, usually made of a sentence) and multi-factor authentication systems, i.e., the combination of the password and an authenticator app or pin. The author concludes that if password-less authentication systems are to be implemented, they would rely on multi-factor authentication, i.e., something the user has, such as an authenticator app, and something the user is, such as a biometric fingerprint, and this would greatly heighten an entity’s cybersecurity posture. Lastly, the author touches on detection tools in the event of credential compromise.
Article 9
Lineberry, S. (2007). The Human Element: The Weakest Link in Information Security. Retrieved from https://www.journalofaccountancy.com/issues/2007/nov/thehumanelementtheweakestlinkininformationsecurity.html
The article discusses how the human element is often overlooked in the information security implementation and strategy of entities. Technical tools such as firewalls, anti-malware, biometric systems, and physical controls usually take precedence. Moreover, employees are constantly put under pressure by senior management to deliver a better customer experience, and as a consequence security controls are sometimes bypassed. Cybercriminals are acutely aware of this and use deceptive and manipulative tactics to gain unauthorized access to confidential information. The article advocates social engineering training to mitigate the risk, and argues that the best way to deliver it is through an external entity because of the different scenarios that can be employed, such as double-blind testing, which ensures that few people are aware of the engagement underway, or a coordinated test. The article discusses common ways to prevent intrusion following the training, such as requiring identity verification through secret questions before resetting a user’s account. In addition, the article looks at pitfalls for employees such as familiarity, sympathy, comfort, and trust.
Article 10
Allison, P. R. (2016). The problem of passwords and how to deal with it? Retrieved from https://www.computerweekly.com/feature/The-problem-of-passwords-and-how-to-deal-with-it
The article examines the challenges of password management and explores ways in which passwords can be effectively managed. The article points to the inherent risk that users may easily have more than 50 accounts and are likely to use a weak password, or the same password for different accounts, which exacerbates the cyber security threat. This is backed up by a study conducted by TeamsID, which noted the prevalent use of the password “123456” and of default passwords such as “password” or “admin”. Cybercriminals are acutely aware of this security loophole and prey on the opportunity, as shown by the influx of credential selling on the dark web. The article also notes that passwords should be as random as possible and include special characters, but the inherent problem is users’ ability to memorize a great number of such passwords for different accounts. Even a password of fair length enforced by group policy, such as 8 characters, may be cracked with relative ease due to the great computing power of Graphics Processing Units (GPUs). Lastly, the article notes other mechanisms to secure passwords in storage; however, their security is largely determined by the storage algorithm. In conclusion, the article discusses the increasingly adopted form of authentication, multi-factor authentication, and its ability to greatly reduce the risk of compromise.
Article 11
Garcia, A. V. (2020). Passwordless authentication: Advantages and methods to start using it. Retrieved from https://www.arengu.com/blog/passwordless-authentication-advantages-and-methods-to-start-using-it
The article discusses cybersecurity and user benefits and looks at the methods by which password-less authentication can be used. The article points out that in the current computing age a user is likely to have multiple accounts, that recalling the passwords of all these accounts is a nightmare, and that users are likely to abandon a site after a password reset. This may have negative repercussions for a commercial site, for example, due to a missed sales opportunity. The article also lists the benefits of password-less authentication, such as user-friendliness and reduced costs in setting up call centers to handle customer queries. Lastly, the article discusses methods such as generating a one-time password, which the user receives either on their mobile phone or by email, or clicking a link to verify authentication. These methods greatly improve security, as the password can be used for one session only.
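The "one session only" property of an emailed or texted one-time password depends on how the server stores and redeems the code, which the article does not spell out. The following added example, written for this bibliography and not taken from the cited article, shows a server-side store that keeps only a hash of each pending code, enforces an expiry, discards the code after it is redeemed once, and also discards it after a fixed number of wrong guesses. The five-minute validity, six-digit length, five-guess limit and the sample user identifier are constructed values; the code itself is assumed to be delivered out of band (SMS, email, or embedded in a link).

```python
import hashlib
import hmac
import secrets
import time
from typing import Callable, Dict

# Constructed policy values for this illustration (not from the cited article).
OTP_TTL_SECONDS = 300   # code is valid for five minutes
OTP_DIGITS = 6
MAX_ATTEMPTS = 5        # wrong guesses allowed before the code is discarded


class OneTimePasswordStore:
    """Pending one-time passwords, keyed by user identifier.

    Only a SHA-256 digest of each code is kept, so a leak of this store does
    not hand out usable codes. Each code is time-limited, single-use and
    discarded after too many wrong guesses.
    """

    def __init__(self, clock: Callable[[], float] = time.time) -> None:
        self._clock = clock            # injectable for deterministic tests
        self._pending: Dict[str, dict] = {}

    def issue(self, user_id: str) -> str:
        """Create a fresh code for the user and return it for out-of-band
        delivery (SMS or email). Issuing replaces any earlier pending code."""
        code = f"{secrets.randbelow(10 ** OTP_DIGITS):0{OTP_DIGITS}d}"
        self._pending[user_id] = {
            "digest": hashlib.sha256(code.encode("utf-8")).hexdigest(),
            "expires_at": self._clock() + OTP_TTL_SECONDS,
            "attempts": 0,
        }
        return code

    def redeem(self, user_id: str, code: str) -> bool:
        """Accept the code at most once, and only before it expires."""
        entry = self._pending.get(user_id)
        if entry is None:
            return False                      # nothing pending, or already used
        if self._clock() > entry["expires_at"]:
            del self._pending[user_id]        # expired: user must request a new code
            return False
        entry["attempts"] += 1
        presented = hashlib.sha256(code.encode("utf-8")).hexdigest()
        ok = hmac.compare_digest(presented, entry["digest"])
        if ok or entry["attempts"] >= MAX_ATTEMPTS:
            del self._pending[user_id]        # single use; also stops online guessing
        return ok


class FakeClock:
    """Controllable clock so expiry can be demonstrated without waiting."""

    def __init__(self, start: float = 1_700_000_000.0) -> None:
        self.now = start

    def __call__(self) -> float:
        return self.now


def _other_code(code: str) -> str:
    """A code guaranteed to differ from `code`."""
    return "000000" if code != "000000" else "111111"


def demo_single_use(user_id: str = "user@example.invalid") -> dict:
    """Walk a constructed user through the cases a login flow must handle."""
    clock = FakeClock()
    store = OneTimePasswordStore(clock=clock)

    code = store.issue(user_id)
    first_use = store.redeem(user_id, code)
    replay = store.redeem(user_id, code)            # same code presented again

    code = store.issue(user_id)
    wrong_code = store.redeem(user_id, _other_code(code))
    clock.now += OTP_TTL_SECONDS + 1
    after_expiry = store.redeem(user_id, code)      # correct code, but too late

    code = store.issue(user_id)
    for _ in range(MAX_ATTEMPTS):
        store.redeem(user_id, _other_code(code))
    after_lockout = store.redeem(user_id, code)     # correct code, but discarded

    return {
        "first_use": first_use, "replay": replay, "wrong_code": wrong_code,
        "after_expiry": after_expiry, "after_lockout": after_lockout,
    }


if __name__ == "__main__":
    print(demo_single_use())
```

A login link works the same way with a longer random token (for example `secrets.token_urlsafe(32)`) in place of the six digits; the hash-only storage, expiry and single redemption are what make the link unusable a second time.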
Article 12
Zwets, B. (2021). Passwordless: how will it change the future of authentication? Retrieved from https://www.techzine.eu/blogs/security/58043/passwordless-how-will-it-change-the-future-of-authentication/
The article looks at varying opinions about the future of passwords as a form of authentication. Some experts in the field of information security are adamant that we are headed for password-less authentication, while others think otherwise due to users’ familiarity with, and wide adoption of, the password. One thing common to both sides is the prevalent use of weak passwords and the reuse of the same password on different accounts by users, which often leads to information systems being compromised. The proponents of password-less authentication argue, among other things, that its adoption is inevitable: the unfriendliness, inherent risk, and associated costs of password recovery will eventually force the adoption of password-less authentication. At the center of password-less authentication is multi-factor authentication, which uses different methods to achieve greater security and user-friendliness.
Task 2: Annotated Bibliography Reflection
Journal synopsis: passwords as a form of authentication will soon become obsolete. The aim of this paper is to explore and expose how password authentication mechanisms have led to cyber security breaches and how user-unfriendly they are. It also explores the use of password-less forms of authentication and their role in combatting the surge of user credential harvesting and the subsequent abuse. The primary method used in this research was a literature review, which included analysis of journals, blogs, conference papers, cyber security reports, etc. There are several studies about password-less authentication and how passwords are becoming a thing of the past. At the centre of password-less authentication implementation is multi-factor authentication, or the use of a one-time pin to authenticate, which eases the burden of recollecting passwords for users who may have more than 20 accounts. This subsequently increases the cyber security of the organization in that there are no passwords to protect. Both internal and external users are eased of the burden of recalling complex and ever-changing passwords, and the overheads of setting up a call centre for password recovery are reduced. Lastly, the human element is prone to mistakes such as using the same password for different accounts, writing the password down, or resorting to an easy password. While the adoption of password-less authentication is still being debated, the proliferation of identity theft (user credential theft) and the sale of these credentials on sites such as the dark web may eventually force organizations to adopt a secure and user-friendly way of authentication.