Posted: February 4th, 2015
Paper, Order, or Assignment Requirements
CNET 232 Coursework Assignment 2014
Assessing Password Security
Aims: To improve your understanding of systems security and the limitations that can occur in practice.
Task: Research and analyse the use of password security in the context of websites, assessing the extent to which they are following and encouraging good practice.
Background
Despite the various weaknesses that have been observed and documented over the years, user authentication continues to be dominated by password-based mechanisms. This is particularly true on websites, where they represent an approach that users can be guaranteed to be able to use from any type of device without any prerequisites in terms of additional hardware (e.g. as would be the case if tokens or certain biometric methods were to be used). However, the password requirements imposed by many websites appear to be rather limited, and in many cases they do not satisfy the good practice guidelines that users would often be encouraged to follow elsewhere.
The task
Your task in this assignment is to conduct a study of password authentication on websites and to assess the extent to which good practice is being followed and encouraged.
Your main report should clearly explain your chosen criteria and websites, plus the methodology adopted for the evaluation (i.e. the process by which you went about testing the criteria on each of the sites). It should also present the details of your findings and a discussion of their implications.
Your report should begin with an Executive Summary, of no more than one page in length (in 12pt font), which outlines and summarises the key process, findings and recommendations from your study.
You should give appropriate consideration to the presentation and structure of your report. Marks will be gained for including appropriate introduction and concluding sections, as well as for appropriate use of figures and tables that can usefully accompany and support the text.
Important note
Please note that in performing the evaluation of the sites, you are NOT being asked to probe or break the security of their password mechanisms, or to perform any other form of activity that could constitute an attack against them. You can undertake the evaluation using entirely legitimate means, by looking at what the sites provide and (where necessary) creating or using your own user accounts on them.
Report assessment criteria
Executive Summary 10%
Selection and justification of evaluation criteria 20%
Explanation of website choices and evaluation methodology 20%
Analysis and discussion of findings 40%
Report presentation and clarity 10%
The overall length of the submission (excluding any appendices) should not exceed 3,500 words.
The report is worth 70% of the overall mark for the module.
Threshold Criteria (please note that these are indicative only)
Submission
Deadline: 12pm (i.e. midday) on 12th December
Note:
Place an order in 3 easy steps. Takes less than 5 mins.