24,147 research outputs found
“Ten strikes and you're out”: Increasing the number of login attempts can improve password usability
Many users today are struggling to manage an increasing number of passwords. As a consequence, many organizations face an increasing demand on an expensive resource – the system administrators or help desks. This paper suggests that re-considering the “3-strikes” policy commonly applied to password login systems would be an immediate way of reducing this demand. We analyzed 10 weeks' worth of system logs from a sample of 386 users, whose login attempts were not restricted in the usual manner. During that period, only 10% of login attempts failed. We predict that requests for password reminders could be reduced by up to 44% by increasing the number of strikes from 3 to ten.
Strengthening e-banking security using keystroke dynamics
This paper investigates keystroke dynamics and its possible use as a tool to prevent or detect fraud in the banking industry. Given that banks are constantly on the lookout for improved methods to address the menace of fraud, the paper sets out to review keystroke dynamics, its advantages, disadvantages and potential for improving the security of e-banking systems. This paper evaluates keystroke dynamics' suitability of use for enhancing security in the banking sector. Results from the literature review found that keystroke dynamics can offer impressive accuracy rates for user identification. Low costs of deployment and minimal change to users' modus operandi make this technology an attractive investment for banks. The paper goes on to argue that although this behavioural biometric may not be suitable as a primary method of authentication, it can be used as a secondary or tertiary method to complement existing authentication systems.
On the Privacy Practices of Just Plain Sites
In addition to visiting high profile sites such as Facebook and Google, web
users often visit more modest sites, such as those operated by bloggers, or by
local organizations such as schools. Such sites, which we call "Just Plain
Sites" (JPSs) are likely to inadvertently represent greater privacy risks than
high profile sites by virtue of being unable to afford privacy expertise. To
assess the prevalence of the privacy risks to which JPSs may inadvertently be
exposing their visitors, we analyzed a number of easily observed privacy
practices of such sites. We found that many JPSs collect a great deal of
information from their visitors, share a great deal of information about their
visitors with third parties, permit a great deal of tracking of their visitors,
and use deprecated or unsafe security practices. Our goal in this work is not
to scold JPS operators, but to raise awareness of these facts among both JPS
operators and visitors, possibly encouraging the operators of such sites to
take greater care in their implementations, and visitors to take greater care
in how, when, and what they share.
Comment: 10 pages, 7 figures, 6 tables, 5 authors, and a partridge in a pear
tre
Redesigning More Resilent Sahana System For Disaster Information In Indonesia
This application is a disaster information system in Indonesia using the Sahana platform that has many unique features from the integration of Sahana disaster with some applications that have been built independently in the previous year for the mudflow in Sidoarjo, Solo in Bojonegoro Flood, and Forest Fires in Kalimantan. In addition, this application provides a virtual class feature for learning GIS and Sahana, complete with an online test and the results. Since the system is web-based, it uses appropriate technology: MapServer as web server, PHP, HTML, and JavaScript as the system builder, and PostgreSQL for data storage. To improve the security of these applications, SSL and Mod Security were also added: SSL to secure the data line and Mod Security to prevent SQL Injection and Cross Site Scripting attacks. These two security measures will keep the system from attack, so that important data such as victims of disasters, infrastructure and maps are safe. With this integration, these applications become a complete information system, safe and in accordance with the local conditions of each disaster. Keywords: Disaster Management, Sahana, Virtual Class, Integration System
Password Cracking and Countermeasures in Computer Security: A Survey
With the rapid development of internet technologies, social networks, and
other related areas, user authentication becomes more and more important to
protect the data of the users. Password authentication is one of the widely
used methods to achieve authentication for legal users and defense against
intruders. There have been many password cracking methods developed during the
past years, and people have been designing the countermeasures against password
cracking all the time. However, we find that the survey work on the password
cracking research has not been done very much. This paper is mainly to give a
brief review of the password cracking methods, import technologies of password
cracking, and the countermeasures against password cracking that are usually
designed at two stages including the password design stage (e.g. user
education, dynamic password, use of tokens, computer generations) and after the
design (e.g. reactive password checking, proactive password checking, password
encryption, access control). The main objective of this work is offering the
abecedarian IT security professionals and the common audiences with some
knowledge about the computer security and password cracking, and promoting the
development of this area.
Comment: add copyright to the tables to the original authors, add
acknowledgement to helpe