Proposal
Password security remains one of the largest problem areas in cybersecurity, even though almost everything done online now requires some sort of password. Nearly all organizations, governments, industries, schools, and businesses depend on computers working properly to run their operations. Because of the amount of sensitive data stored in an organization's systems, it is critical to build a strong security plan.
The problem is that people want to be secure, but only at their convenience. In a study commissioned by the analytics software firm FICO (2018), researchers found that of 2,000 U.S. adults, 81 percent didn't see a need for what they considered to be unnecessary security procedures, 47 percent said they were sick of having to answer endless security questions, and 64 percent were upset over having to create elaborate passwords that feature a mix of numbers, symbols, and capital letters. In that same survey, 71 percent thought there are simply too many security measures nowadays. The bottom line, however, is that without passwords, private data and information would be accessible to anyone and everyone, and that would most certainly cause pandemonium.
All of this is meant to protect us by ensuring no one else can access our accounts or data. Most data breaches occur due to weak passwords and human error. According to Manjarres, "81% of hacking-related breaches used stolen passwords and/or weak passwords" (2021). Stolen or compromised credentials are not only the most common cause of a breach; IBM's most recent annual report on data breaches (2022) found that breaches caused by stolen or compromised credentials also take the longest to identify, which ends up costing on average $150,000 more than all other types of data breaches. The average cost of a data breach from compromised passwords totals more than 4.5 million dollars.
Most modern jobs require the use of multiple systems, and for every system the user is required to create a complex password containing a combination of letters, symbols, numbers, and so on. These rigid password requirements make it difficult for the average user to memorize their passwords, so users usually resort to saving a password on their system or writing it on a Post-It note near their workstation, which makes security more vulnerable. If a cyber-criminal manages to penetrate the system, the saved passwords can be easily compromised and used for lateral movement within the network. An employee writing passwords on paper poses a large threat to a company because that paper may end up in the trash. Hackers will often go dumpster diving, going through trash specifically looking for sensitive information and passwords (Game, 2022). This idea sounds ridiculous; however, it is a very common technique. Computers have evolved over the years, yet we continue to have the same security problems and continue to use the same techniques to mitigate them. In my opinion, password security strategies need to shift completely, especially for larger organizations that hold sensitive information.
My solution to eliminate password issues for companies is to create an electronic ID that uses biometrics. The ID will be used not only by employees to authenticate themselves to the networks but also as an identification device for entry to the facilities. The ID will carry a photo of the employee and will be scanned to enter the building. Once the employee arrives at their workstation, the user will scan the ID along with their fingerprint at their personal computer. The device will create a token that allows the user to access all their systems without having to type a password every time a system is accessed, similar to single sign-on but based on biometrics. This method will eliminate the need to create and store a separate password for each program, which will also help eliminate human error. The token will only be valid for 24 hours; once the token has expired, the user will be required to follow the same steps again to access their computer. This method will provide multiple layers of security for the user because a cyber intruder would have to obtain both the physical ID and the biometric fingerprint at the same time.
Most of the issues within companies occur due to human error. Because this device is physical, it is expected that employees will lose it or forget it at home from time to time. To resolve this problem, security officers at the facilities will have additional IDs stored in a safe. Only the security personnel will have the permissions to temporarily activate the devices and attach the users’ biometric profile. The temporary devices will deactivate themselves after 24 hours to maintain security in case one of them is taken home by mistake.
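The two-factor token issuance and the 24-hour expiry described above, together with the self-deactivating loaner badges handled by security staff, can be sketched in code. The following is an added example written for this page, not part of the proposal or of any vendor's product. It assumes the card reader and fingerprint scanner report their results as simple booleans (no biometric matching is implemented here), uses a hypothetical per-site HMAC signing key, and models a token as a signed string carrying the badge id, issue time, and expiry time. All timestamps in the example are constructed values.

```python
"""Time-limited access token issued after a badge + fingerprint check (added example)."""
import hashlib
import hmac
import secrets
import time

TOKEN_LIFETIME = 24 * 60 * 60    # the proposal's 24-hour token validity, in seconds
LOANER_LIFETIME = 24 * 60 * 60   # temporary badges self-deactivate after 24 hours

# Hypothetical per-site signing key; in a real deployment it would live in an HSM
# or OS keystore rather than process memory.
SERVER_KEY = secrets.token_bytes(32)


def _now(now):
    return int(time.time()) if now is None else int(now)


def issue_token(badge_id, badge_active, fingerprint_matched, now=None, key=SERVER_KEY):
    """Return a signed token only when BOTH factors were verified at the workstation.

    badge_active and fingerprint_matched are the results reported by the card reader
    and the fingerprint scanner (assumed interfaces, not real hardware APIs).
    """
    if not (badge_active and fingerprint_matched):
        return None
    issued = _now(now)
    payload = f"{badge_id}|{issued}|{issued + TOKEN_LIFETIME}"
    sig = hmac.new(key, payload.encode(), hashlib.sha256).hexdigest()
    return f"{payload}|{sig}"


def verify_token(token, now=None, key=SERVER_KEY):
    """Return the badge_id if the token is authentic and unexpired, otherwise None."""
    try:
        badge_id, issued, expires, sig = token.split("|")
        issued, expires = int(issued), int(expires)
    except (ValueError, AttributeError):
        return None  # malformed token
    payload = f"{badge_id}|{issued}|{expires}"
    expected = hmac.new(key, payload.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(sig, expected):
        return None  # tampered payload, e.g. someone edited the expiry field
    current = _now(now)
    if not (issued <= current < expires):
        return None  # expired (user must re-scan badge and fingerprint), or clock skew
    return badge_id


def activate_loaner_badge(serial, activated_by_security, now=None):
    """Security staff activate a spare badge from the safe; it expires after 24 hours."""
    if not activated_by_security:
        return None  # only security personnel hold this permission
    return {"serial": serial, "active_until": _now(now) + LOANER_LIFETIME}


def badge_is_active(badge, now=None):
    """A loaner badge taken home by mistake is useless once its window has passed."""
    return badge is not None and _now(now) < badge["active_until"]


if __name__ == "__main__":
    t0 = 1_700_000_000  # constructed timestamp
    tok = issue_token("E1234", badge_active=True, fingerprint_matched=True, now=t0)
    print("valid after 1h :", verify_token(tok, now=t0 + 3600))
    print("valid after 24h:", verify_token(tok, now=t0 + TOKEN_LIFETIME))
```

The signature covers the expiry, so extending a token's lifetime by editing the string is rejected, and the comparison uses `hmac.compare_digest` to avoid timing leaks. Once the 24-hour window closes, `verify_token` returns `None` and the user has to present both factors again, which is the re-authentication step the proposal describes.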
Another issue that is expected with this prototype is that biometrics can be costly, so the product may not be in everyone’s reach. My target clientele for this product is larger companies that hold extremely sensitive information, such as financial institutions and government agencies. According to CishowHardware, fingerprint scanners cost around $50.00 to $2,500.00 each (2022). The cost of this type of scanner may seem high, but when compared to a successful cyber-attack the price is minimal. In 2011, Sony Entertainment’s data room was infiltrated, and hackers used compromised accounts to steal 100 million customers’ records (Agrafiotis, 2018). The incident left Sony with a financial burden of 171 million dollars and an extremely damaged reputation. Acquiring advanced biometric technology may seem like a massive expense; however, it is an investment that has the potential to save companies millions of dollars.
Finally, to verify that the product is working successfully, the device will have to go through the last phase of the design thinking model: the process of validation. The validation method that will be used is an A/B comparison: the product will be rolled out to a smaller group of users so that it can be compared with the previous method of authentication. Feedback from those employees will show whether the product is working successfully or not, and it will also help improve the areas that are not working properly before the product is rolled out to the full organization (Landaeta, 2020).
Technological advances have improved the quality of operations for many organizations. However, with any improvement many issues also arise, and password security is one of the most common. Over the years, security professionals have tried to make passwords stronger and more complex; however, this has not eliminated the problem of human error. Most data breaches continue to occur due to weak passwords; therefore, it is highly critical for companies that hold vital information to take more drastic measures to counter the problem. With this passwordless approach, I will eliminate the problem of creating complex passwords. As expected, the product will go through a process of validation to eliminate any issues or glitches. Once full testing is complete, the product will finally be rolled out to all the associates in the organization.
References
Agrafiotis, I., Nurse, J. R., Goldsmith, M., Creese, S., & Upton, D. (2018). A taxonomy of cyber-harms: Defining the impacts of cyber-attacks and understanding how they propagate. Journal of Cybersecurity, 4(1). https://doi.org/10.1093/cybsec/tyy006
CishowHardware. (2022). How much do fingerprint readers typically cost? C&I Show Security Systems, Inc. Retrieved March 3, 2023, from https://cishowhardware.com/fingerprint-readers-cost/#:~:text=%5BOn%20average%2C%20fingerprint%20readers%20will,with%20live%20finger%20detection%20ability.
FICO. (2018). Survey: Americans are frustrated by security measures. FICO Decisions Blog. Retrieved March 3, 2023, from https://www.fico.com/blogs/survey-americans-are-frustrated-security-measures
Game, M. (2022). Dumpster diving/trashing. GeeksforGeeks. Retrieved March 3, 2023, from https://www.geeksforgeeks.org/dumpster-diving-trashing/
IBM. (2022). Cost of a data breach 2022. IBM. Retrieved March 3, 2023, from https://www.ibm.com/reports/data-breach?utm_content=SRCWW&p1=Search&p4=43700072379268712&p5=p&gclid=Cj0KCQiA0oagBhDHARIsAI-BbgeHRnEciROo_p7W4X9x5NGm4ZsBAbSYR-l4Lu5BxtXJg1LpQlkutVsaAuYoEALw_wcB&gclsrc=aw.ds
Landaeta, R. (2020). Design thinking agile innovation projects. Retrieved March 3, 2023, from https://ww1.odu.edu/content/dam/odu/offices/reyes/docs/design-thinking-agile-innovation-projects.pdf
Manjarres, S. (2021). 2021 World Password Day: How many will be stolen this year? Secplicity. Retrieved March 3, 2023, from https://www.secplicity.org/2021/05/04/2021-world-password-day-how-many-will-be-stolen-this-year/