Lost and not Found: An Investigation of Recovery Methods for Multi-Factor Authentication

Multi-Factor Authentication is intended to strengthen the security of password-based authentication by adding another factor, such as hardware tokens or one-time passwords using mobile apps. However, this increased authentication security comes with potential drawbacks that can lead to account and asset loss. If users lose access to their additional authentication factors for any reason, they will be locked out of their accounts. Consequently, services that provide Multi-Factor Authentication should deploy procedures to allow their users to recover from losing access to their additional factor that are both secure and easy-to-use. To the best of our knowledge, we are the first to first-hand investigate the security and user experience of deployed Multi-Factor Authentication recovery procedures. We first evaluate the official help and support pages of 1,303 websites that provide Multi-Factor Authentication and collect documented information about their recovery procedures. Second, we select a subset of 71 websites, create accounts, set up Multi-Factor Authentication, and perform an in-depth investigation of their recovery procedure security and user experience. We find that many websites deploy insecure Multi-Factor Authentication recovery procedures and allowed us to circumvent and disable Multi-Factor Authentication when having access to the accounts' associated email addresses. Furthermore, we commonly observed discrepancies between our in-depth analysis and the official help and support pages, implying that information meant to aid users is often either incorrect or outdated

Educación penitenciaria y su importancia en la resocialización de los condenados por robo agravado en el Establecimiento Penitenciario de Cajamarca, 2019

El presente trabajo de indagación estudia la educación como parte del tratamiento penitenciario contribuye en la resocialización de los internos condenados por robo agravado en el Establecimiento Penitenciario de Cajamarca,2019; a fin de analizar de como se viene desarrollando en los internos sentenciados por robo agravado. De ello se desprende nuestro objetivo general, determinar de qué manera la educación como parte del tratamiento penitenciario contribuye en la resocialización de los internos condenados por robo agravado en el Establecimiento Penitenciario de Cajamarca,2019. Por otro lado, la metodología empleada, es básica de carácter descriptiva, con un enfoque cualitativo y método inductivo. De tal manera que se obtuvo resultados certeros por parte de los especialistas que laboran en dicha Institución. Finalmente, arribamos a una conclusión, qué la educación penitenciaria y su importancia en la resocialización de los condenados por robo agravado en el Establecimiento Penitenciario de Cajamarca, 2019; si contribuye en su tratamiento de los internos condenado por dicho delito; por el contrario, las falencias que se suscitan son otras, como la falta de personal multidisciplinario en las diversas áreas de dicho presidio

“Would You Give the Same Priority to the Bank and a Game? I Do Not!” Exploring Credential Management Strategies and Obstacles during Password Manager Setup

Password managers allow users to improve password security by handling large numbers of strong and unique passwords without the burden of memorizing them. While users are encouraged to add all credentials to their password manager and update weak credentials, this task can require significant effort and thus jeopardize security benefits if not completed thoroughly. However, user strategies to add credentials, related obstacles, and their security implications are not well understood. To address this gap in security research, we performed a mixed-methods study, including expert reviews of 14 popular password managers and an online survey with 279 users of built-in and third-party password managers. We extend previous work by examining the status quo of password manager setup features and investigating password manager users’ setup strategies. We confirm previous research and find that many participants utilize password managers for convenience, not as a security tool. They most commonly add credentials whenever a website is visited, and prioritize what they add. Similarly, passwords are often only updated when they are considered insecure. Additionally, we observe a severe distrust towards password managers, leading to users not adding important passwords. We conclude our work by giving recommendations for password manager developers to help users overcome the obstacles we identified

Nivel de conocimiento en prevención bucodental de padres de familia del nivel primaria del Colegio 21575- Huayto, Pativilca, 2021

Objetivo: Determinar el nivel de conocimiento en prevención bucodental en padres de familia del nivel primaria del colegio 21575- Huayto, Pativilca, 2021. Metodología: El enfoque de la investigación es cuantitativo, prospectivo, tipo de investigación básica, nivel descriptivo y diseño no experimental, se tuvo como población a los padres de familia cuyos hijos están matriculados en el nivel primario del colegio 21575 Huayto, Pativilca, la selección de la muestra fue no probabilístico, por conveniencia, se trabajó con 79 padres que aceptaron ser parte de nuestra investigación

Pushed by Accident: A Mixed-Methods Study on Strategies of Handling Secrets in Source Code Repositories

Version control systems for source code, such as Git, are key tools in modern software development. Many developers use services like GitHub or GitLab for collaborative software development. Many software projects include code secrets such as API keys or passwords that need to be managed securely. Previous research and blog posts found that developers struggle with secure code secret management and accidentally leaked code secrets to public Git repositories. Leaking code secrets to the public can have disastrous consequences, such as abusing services and systems or making sensitive user data available to attackers. In a mixed-methods study, we surveyed 109 developers with version control system experience. Additionally, we conducted 14 in-depth semi-structured interviews with developers who experienced secret leakage in the past. 30.3% of our participants encountered code secret leaks in the past. Most of them face several challenges with secret leakage prevention and remediation. Based on our findings, we discuss challenges, such as estimating the risks of leaked secrets, and the needs of developers in remediating and preventing code secret leaks, such as low adoption requirements. We conclude with recommendations for developers and source code platform providers to reduce the risk of secret leakage

“We’ve Disabled MFA for You”: An Evaluation of the Security and Usability of Multi-Factor Authentication Recovery Deployments

Multi-Factor Authentication is intended to strengthen the security of password-based authentication by adding another factor, such as hardware tokens or one-time passwords using mobile apps. However, this increased authentication security comes with potential drawbacks that can lead to account and asset loss. If users lose access to their additional authentication factors for any reason, they will be locked out of their accounts. Consequently, services that provide Multi-Factor Authentication should deploy procedures to allow their users to recover from losing access to their additional factor that are both secure and easy-to-use. In this work, we investigate the security and user experience of Multi-Factor Authentication recovery procedures, and compare their deployment to descriptions on help and support pages. We first evaluate the official help and support pages of 1,303 websites that provide Multi-Factor Authentication and collect documented information about their recovery procedures. Second, we select a subset of 71 websites, create accounts, set up Multi-Factor Authentication, and perform an in-depth investigation of their recovery procedure security and user experience. We find that many websites deploy insecure Multi-Factor Authentication recovery procedures and allowed us to circumvent and disable Multi-Factor Authentication when having access to the accounts’ associated email addresses. Furthermore, we commonly observed discrepancies between our in-depth analysis and the official help and support pages, implying that information meant to aid users is often either incorrect or outdated. Based on our findings, we provide recommendations for best practices regarding Multi-Factor Authentication recovery

Criptomonedas: historia, inmersión en los procesos productivos y perspectivas a futuro de las CBDC

El presente artículo tiene como objetivo brindar una revisión acerca de las criptomonedas y su rol en la economía moderna, centrándose en la inmersión de las criptofinanzas en el sector real de la economía y sus procesos productivos, desde su creación y su tecnología subyacente hasta la concepción y desarrollo a futuro de las monedas digitales de banco central (CBDC). Se evidencia que las criptomonedas, pese a su gran popularidad en ciertos sectores, tiene aún poca relevancia en los procesos productivos. No obstante, y sobre todo con la posibilidad de que las autoridades monetarias emitan su versión de moneda digital, se espera que la relación entre las criptofinanzas y el sector real de la economía sea cada vez mayor.

Kusqa

El objetivo de nuestra idea de negocio se apoya en satisfacer las necesidades que existen actualmente en el rubro de la educación en nuestro país ya que, por la coyuntura presente causada por la pandemia del COVID-19, varios centros educativos se vieron en la necesidad de permanecer cerrados y enfocar en promover una educación de forma virtual. El sistema de educación se ha adaptado de manera abrupta y ha manifestado que tanto los alumnos como el profesorado no están capacitados para recibir y adoptar educación a distancia de calidad respectivamente. Por esta razón, se busca que mediante los cursos que ofrece Kusqa, se pueda entender de forma sencilla la importancia que tienen las herramientas digitales en la educación hoy en día y el aprendizaje de estas para poder desarrollar conocimientos y destrezas en este ámbito. Por otra parte, los indicadores financieros que presenta el alcance del proyecto apuntan a que Kusqa es rentable en el tiempo, ya que el Valor Actual Neto (VAN) es de S/.168,562, por lo que el negocio es viable y generará un rendimiento. También, la Tasa Interna de Retorno (TIR) que nos ofrece esta inversión es de un 65%. Por último, el tiempo de recupero de la inversión (PRD) es de 2.45 años (3 años aproximadamente).The objective of our business idea is based on satisfying the needs that currently exist in the field of education in our country since, due to the current situation caused by the COVID-19 pandemic, several educational centers needed stay closed and focus on promoting an education virtually. The education system has adapted abruptly and has shown that both students and teachers are not trained to receive and adopt quality distance education, respectively. For this reason, it is sought that through the courses offered by Kusqa, it is possible to understand in a straightforward way the importance of digital tools in education today and the learning of them to develop knowledge and skills in this area. On the other hand, the financial indicators presented by the scope of the project indicate that Kusqa is profitable over time since the Net Present Value (NPV) is S /.168,562, so the business is viable and will generate a return. Also, the Internal Rate of Return (IRR) offered by this investment is 65%. Finally, the payback time (PRD) is 2.45 years (3 years).Trabajo de investigació

Chamba para vendedores

En el Perú, actualmente, empresas de diferentes sectores dedicadas a las ventas de productos y/o servicios enfrentan un problema de alta rotación de personal; el Perú es uno de los países con mayor índice de rotación laboral en toda Latinoamérica. Este problema amerita una atención y un gran esfuerzo por parte de los directivos de las organizaciones, pues, además de causar efectos negativos en el clima laboral, impacta en el funcionamiento de cualquier negocio afectando los ingresos y rentabilidades de la empresa. Por tanto, el reclutamiento y selección del personal se ha convertido en una preocupación para las organizaciones, debido a los largos plazos y los elevados presupuestos que ello representa para conseguir el perfil adecuado. Por otro lado, la inteligencia artificial ha demostrado ser una herramienta esencial para la optimización de los procesos de selección de personal, sobre todo cuando los plazos para su reemplazo deben ser cortos. Dentro del análisis del diagnóstico situación del entorno y del mercado, existen muchos factores tanto externos como internos que muestran ventajas y oportunidades para el negocio, lo que nos ha permitido trazar como estrategia la diferenciación en el servicio. En ese sentido, la presente tesis desarrolla el análisis de un negocio de reclutamiento del personal basado en el uso de una plataforma digital con ayuda de inteligencia artificial, negocio que, de acuerdo con la evaluación realizada, es rentable

Down selecting adjuvanted vaccine formulations: a comparative method for harmonized evaluation.

The need for rapid and accurate comparison of panels of adjuvanted vaccine formulations and subsequent rational down selection, presents several challenges for modern vaccine development. Here we describe a method which may enable vaccine and adjuvant developers to compare antigen/adjuvant combinations in a harmonized fashion. Three reference antigens: Plasmodium falciparum apical membrane antigen 1 (AMA1), hepatitis B virus surface antigen (HBsAg), and Mycobacterium tuberculosis antigen 85A (Ag85A), were selected as model antigens and were each formulated with three adjuvants: aluminium oxyhydroxide, squalene-in-water emulsion, and a liposome formulation mixed with the purified saponin fraction QS21. The nine antigen/adjuvant formulations were assessed for stability and immunogenicity in mice in order to provide benchmarks against which other formulations could be compared, in order to assist subsequent down selection of adjuvanted vaccines. Furthermore, mouse cellular immune responses were analyzed by measuring IFN-γ and IL-5 production in splenocytes by ELISPOT, and humoral responses were determined by antigen-specific ELISA, where levels of total IgG, IgG1, IgG2b and IgG2c in serum samples were determined. The reference antigens and adjuvants described in this study, which span a spectrum of immune responses, are of potential use as tools to act as points of reference in vaccine development studies. The harmonized methodology described herein may be used as a tool for adjuvant/antigen comparison studies