
ITM 820 Information Systems Security and Privacy

Password Protection & Data Integrity


Saahir Mulla
500446360

February 3rd, 2016

Part A - Password Protocol Design


Developing a strong password protocol to ensure users obtain optimal security of their data is
crucial now more than ever. User authentication is the foundation for the primary types of access
control and for user accountability. In most computer security contexts, user authentication is the
fundamental building block and the primary line of defense.
There are two primary concerns that affect the user's psychology when setting a password:
1. Is there a high probability that the user will always enter their password accurately?
2. Will users have to write it down, choose a predictable password, or actually remember it?
A hashed password is a common security technique: the password is automatically combined
with a fixed-length salt value, and the hashing algorithm is deliberately designed to be slow to
execute, primarily to stop hackers from running automated scripts to crack the stored hashes.
Nonetheless, hackers have become more sophisticated over time, and hence password policies
have to be stricter to avoid loopholes in security.
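The salted, deliberately slow hash described above, as an added example that is not part of the assignment text. It uses the Python standard library (PBKDF2-HMAC-SHA256 via hashlib); the salt size, iteration count and the "algorithm$iterations$salt$digest" record layout are assumptions chosen for the example, and the sample password is the one given later in this document.

```python
import hashlib
import hmac
import os

# Parameters are assumptions for this example (not values from the assignment):
# a 16-byte random salt and a high PBKDF2 iteration count so each guess is slow.
SALT_BYTES = 16
ITERATIONS = 600_000
DIGEST_NAME = "sha256"


def hash_password(password: str, salt: bytes) -> bytes:
    """Slow, salted hash of the password (PBKDF2-HMAC-SHA256)."""
    return hashlib.pbkdf2_hmac(DIGEST_NAME, password.encode("utf-8"), salt, ITERATIONS)


def make_record(password: str) -> str:
    """Build the value stored in the credential database: algorithm, work factor,
    salt and digest, so the work factor can be raised later without a format change."""
    salt = os.urandom(SALT_BYTES)
    digest = hash_password(password, salt)
    return f"pbkdf2_{DIGEST_NAME}${ITERATIONS}${salt.hex()}${digest.hex()}"


def check_record(password: str, record: str) -> bool:
    """Recompute the digest with the stored salt and compare in constant time."""
    algorithm, iterations, salt_hex, digest_hex = record.split("$")
    if algorithm != f"pbkdf2_{DIGEST_NAME}":
        return False
    digest = hashlib.pbkdf2_hmac(DIGEST_NAME, password.encode("utf-8"),
                                 bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(digest, bytes.fromhex(digest_hex))


def same_password_different_records(password: str) -> bool:
    """Two users with the same password get unrelated records because each
    record carries its own random salt; both still verify."""
    a, b = make_record(password), make_record(password)
    return a != b and check_record(password, a) and check_record(password, b)


if __name__ == "__main__":
    record = make_record("t0_b5_0r_n0t_2_b3!@$")
    print(record)
    print(check_record("t0_b5_0r_n0t_2_b3!@$", record))   # True
    print(check_record("To be or not to be", record))     # False
```

Storing the iteration count in the record is what lets the policy become stricter over time: old records keep verifying, and the work factor can be raised when the user next logs in.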
Identification is critical to establish the validity of a user providing a claimed identity to the
system. The optimal password protocol design requires the verification of the user's identity
within a system entity, an authentication process that involves the following steps:

- Identification: presenting an identifier to the security system.
- Verification: using authentication information that binds the entity and the identifier to
  validate the user accessing the account.

The general user should have to establish the following password protocol before setting up
their account for usage:

Means of Authentication Type / Characteristics

1. Complex Password Policy
   1. Content: Password must not contain real name, username, or dictionary word.
   2. Length: Min. 12 characters.
   3. Mixture of characters: Password must contain 3 out of the 4:
      - Uppercase char. (A-Z)
      - Lowercase char. (a-z)
      - Digits 0-9
      - Nonalphanumeric char. (*&^$%#&)
Ideally, the optimal way to develop a lengthy and untraceable password, yet maintain its
legitimacy by following the Complex Password Policy rules, is to replicate a catchphrase. An
example of a secure password as suggested above would be:
1. To be or not to be
The method to create a password that is both memorable, yet as unhackable as possible, is to
implement the suggestions as such:
2. t0_b5_0r_n0t_2_b3!@$ = 21 characters.
To optimize the password selection process and ensure users have the most applicable security
attached to their accounts, a complex password policy is the ideal strategy. This method is
executed in the following way:
a. The user selects his/her password.
b. The system confirms whether the password is permitted, or rejects it.
c. The system recommends a password that is both memorable and secure enough
that an intruder would be unable to guess it.
This strategy ensures that both user acceptability and strength are maximized.
To ensure the users follow the correct protocol to select a password, rule enforcement would
be the best strategy, as it ensures the password is at least 12 characters long, as well as that it
includes a combination of upper/lowercase letters, numeric digits, and more. This is ideal
because it provides security of the highest priority to the general user, and it does not
require the user to change their password on a consistent basis (which would result in more
issues).
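The rule-enforcement steps a to c, as an added example that is not part of the assignment text. It checks the three Complex Password Policy rules from the table (content, length, 3-of-4 character classes) and, when a candidate is rejected, suggests a catchphrase-derived alternative. The tiny dictionary word list, the leet-style substitution table, the "!@$" suffix, and the sample username and real name are constructed for the example; a real deployment would check against a full word list.

```python
import string

MIN_LENGTH = 12            # rule 2 from the policy table
REQUIRED_CLASSES = 3       # rule 3: 3 of the 4 character classes

# Constructed stand-in for a real dictionary word list (assumption for the example).
DICTIONARY_WORDS = frozenset({
    "password", "welcome", "summer", "winter", "hamlet", "love",
    "admin", "qwerty", "letmein", "dragon", "monkey",
})
SYMBOLS = frozenset(string.punctuation)


def character_classes(password: str) -> dict[str, bool]:
    """Which of the four character classes from the policy table are present."""
    return {
        "uppercase": any(c.isupper() for c in password),
        "lowercase": any(c.islower() for c in password),
        "digit": any(c.isdigit() for c in password),
        "symbol": any(c in SYMBOLS for c in password),
    }


def policy_violations(password: str, username: str = "", real_name: str = "") -> list[str]:
    """Step b: return every rule the candidate breaks; an empty list means permitted."""
    problems: list[str] = []
    lowered = password.lower()

    # Rule 1 (content): no username, real name, or dictionary word.
    if username and username.lower() in lowered:
        problems.append("content: contains the username")
    for part in real_name.split():
        if len(part) >= 3 and part.lower() in lowered:
            problems.append(f"content: contains part of the real name ({part})")
    for word in sorted(DICTIONARY_WORDS):
        if word in lowered:
            problems.append(f"content: contains the dictionary word '{word}'")

    # Rule 2 (length).
    if len(password) < MIN_LENGTH:
        problems.append(f"length: {len(password)} characters, minimum is {MIN_LENGTH}")

    # Rule 3 (mixture): at least 3 of the 4 classes.
    classes = character_classes(password)
    present = sum(classes.values())
    if present < REQUIRED_CLASSES:
        missing = ", ".join(name for name, ok in classes.items() if not ok)
        problems.append(f"mixture: only {present} of 4 character classes (missing: {missing})")
    return problems


# Constructed substitution table for turning a catchphrase into a candidate.
LEET = str.maketrans({"a": "@", "e": "3", "i": "1", "o": "0", "s": "5"})


def strengthen_catchphrase(phrase: str, suffix: str = "!@$") -> str:
    """Step c: derive a memorable candidate from a phrase the user already knows."""
    words = [w.lower().translate(LEET) for w in phrase.split()]
    return "_".join(words) + suffix


def choose_password(candidate: str, username: str, real_name: str,
                    fallback_phrase: str) -> tuple[str, list[str]]:
    """Steps a-c together: keep the user's choice if it passes, otherwise
    return a suggestion plus the reasons the original was rejected."""
    problems = policy_violations(candidate, username, real_name)
    if not problems:
        return candidate, []
    return strengthen_catchphrase(fallback_phrase), problems


if __name__ == "__main__":
    print(policy_violations("t0_b5_0r_n0t_2_b3!@$", "smulla", "Saahir Mulla"))  # []
    print(choose_password("hamlet2016", "smulla", "Saahir Mulla", "To be or not to be"))
```

The dictionary test is a substring match, so it is deliberately conservative: a word hidden inside a longer string is still flagged. Substituting digits and symbols for letters, as in the document's own example, is what keeps the catchphrase out of the word list while remaining memorable.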

2. PIN (via SMS authentication)
   An added security measure to ensure the right user is accessing the account they are
   authorized for is to link their mobile number to the account. Every time they enter their
   account information to log in, an SMS code is sent to their phone, and they must then
   enter the code into the system to enable verified access.

   Sign-in flow:
   1. You enter your User ID and password as usual.
   2. The entity sends a verification code to your mobile device via SMS.
   3. You enter the code to verify your identity and complete sign in.

   In case the password is forgotten, this additional security measure ensures the right user
   is accessing the account.
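The three-step SMS sign-in flow above, as an added example that is not part of the assignment text. Step 1 delegates the password check to a callable (in a real system the salted-hash verifier), step 2 issues a random code through a stub "send SMS" callable, and step 3 accepts the code only once, only before it expires, and only while wrong guesses remain. The code length, time limit, attempt limit, account name and phone number are constructed assumptions for the example.

```python
import hmac
import secrets
import time
from dataclasses import dataclass
from typing import Callable

# Assumed parameters for the example: 6-digit codes, valid for five minutes,
# three wrong guesses before the pending code is discarded.
CODE_DIGITS = 6
CODE_TTL_SECONDS = 300
MAX_ATTEMPTS = 3


@dataclass
class Account:
    phone: str
    check_password: Callable[[str], bool]   # step 1 verifier (e.g. a salted-hash check)


class SmsSecondFactor:
    """Steps 1-3 of the sign-in flow: password, then SMS code, then code check."""

    def __init__(self, send_sms: Callable[[str, str], None], clock=time.time):
        self._send_sms = send_sms    # transport stub; a deployment would call an SMS gateway
        self._clock = clock          # injectable so expiry can be tested deterministically
        self._pending: dict[str, list] = {}   # user_id -> [code, expires_at, attempts_left]

    def begin_login(self, user_id: str, password: str, accounts: dict) -> str:
        """Step 1: check User ID and password; on success issue a code (step 2)."""
        account = accounts.get(user_id)
        if account is None or not account.check_password(password):
            return "rejected"
        code = f"{secrets.randbelow(10 ** CODE_DIGITS):0{CODE_DIGITS}d}"
        self._pending[user_id] = [code, self._clock() + CODE_TTL_SECONDS, MAX_ATTEMPTS]
        self._send_sms(account.phone, f"Your verification code is {code}")
        return "code_sent"

    def complete_login(self, user_id: str, submitted: str) -> bool:
        """Step 3: single-use code, rejected after expiry or too many wrong guesses."""
        entry = self._pending.get(user_id)
        if entry is None:
            return False
        code, expires_at, _ = entry
        if self._clock() > expires_at:
            del self._pending[user_id]
            return False
        if hmac.compare_digest(code.encode(), submitted.encode()):
            del self._pending[user_id]
            return True
        entry[2] -= 1
        if entry[2] <= 0:
            del self._pending[user_id]
        return False


# Constructed sample data for a stand-alone run (not a real user or number).
SENT_MESSAGES: list[tuple[str, str]] = []
ACCOUNTS = {
    "saahir": Account(
        phone="+1-555-0100",
        # Stand-in for the salted-hash verifier; a real system never keeps the plaintext.
        check_password=lambda p: hmac.compare_digest(p.encode(), b"t0_b5_0r_n0t_2_b3!@$"),
    ),
}


def make_factor(clock=time.time) -> SmsSecondFactor:
    """Factor instance whose 'SMS gateway' just records messages in SENT_MESSAGES."""
    return SmsSecondFactor(lambda phone, msg: SENT_MESSAGES.append((phone, msg)), clock)


def last_sent_code() -> str:
    """Read the most recent code back from the stub outbox (demo/test helper)."""
    return SENT_MESSAGES[-1][1].split()[-1]


if __name__ == "__main__":
    factor = make_factor()
    print(factor.begin_login("saahir", "wrong password", ACCOUNTS))        # rejected
    print(factor.begin_login("saahir", "t0_b5_0r_n0t_2_b3!@$", ACCOUNTS))  # code_sent
    print(factor.complete_login("saahir", last_sent_code()))               # True
```

A wrong password never triggers an SMS, so the second factor cannot be used to probe which User IDs exist, and the attempt counter means a six-digit code cannot simply be guessed within its five-minute window.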

3. Prearranged questions
   In the rare case that the user forgets the password, they must answer the following general
   knowledge-based questions that the user selected during setup and would remember:
   1. Name of first pet/teacher/school: a personal fact that a potential intruder would be
      unaware of
   2. Name of favourite song: another personal fact an intruder would have difficulty
      guessing, but the user would remember
   3. Next place to travel to: a third answer that is very personal

With regard to the usability and effectiveness of this designated password protocol, it provides
the optimal combination of security, accuracy and authorization to ensure that the user's
account is well protected.
1. Optimal Password Protection: The recommended characteristics for structuring users'
passwords (length, mix of letters/numerics/symbols, and randomized strings) will guarantee
that neither a human nor a bot intruder will be able to illegally access any unauthorized
data. Also, the rule enforcement strategy enables the user to select a password that they can
remember and that is also secure.
2. PIN Validation: By developing a secondary wall of security that requires additional
authorization via the user's own mobile device, any claimant who attempts to access the
account and enters the wrong password will have to validate their identity through the
registered device.
3. Prearranged Questions: If Step 2 does not enable the user to enter the account (in the
circumstance that their phone is out of operation), the user can proceed to answer the
prearranged questions they originally established when setting up their account. This
will ensure that the intended user obtains the authority to change their password for
future usage.
The established security measures ensure that there is very high confidence in the asserted
identity's validity. By following the recommended password tips, the user will surely be able
to establish a password that is memorable, recoverable and secure.
