Midterm Assignment:

ACCT112 4BSA

1. How can passwords circumvent security? What actions can be taken to minimize this?
Password management is critical for reducing security threats. Weak passwords, as well as their
reuse across several accounts, can be abused, exposing users to attacks. Phishing attempts, in which
users are duped into giving up passwords, continue to be a serious concern. Credential stuffing, social
engineering, insider threats, and insufficient encryption exacerbate these dangers. To mitigate these
risks, organizations should enforce strong password policies, encourage unique passwords, implement
multi-factor authentication, and educate users about potential dangers. Regular
training, stringent access control, safe password recovery mechanisms, and current encryption
technologies are all required. Furthermore, keeping up with software upgrades and using intrusion
detection systems can help to harden defenses, making it more difficult for attackers to exploit
password-related weaknesses. Also, to protect against these security breaches, software that only
permits smart passwords and one-time passwords to be used in conjunction with smartcards is
available.

2. Explain how the one-time password approach works.


In this method, the user's password changes constantly. To get access to the operating system,
the user must enter both a secret reusable personal identification number (PIN) and the current
one-time password. One solution makes use of a credit-card-sized device (smart card) with a
microprocessor that is configured with an algorithm that generates and visibly displays a new and
unique password every 60 seconds. The card works in conjunction with specific authentication software
installed on a mainframe host or network server computer. At any point in time, the smart card and
the network software are both generating the same password for the same user. The user enters the PIN
followed by the current password shown on the card to get access to the network. The password
can be used one time only.

More generally, the one-time password (OTP) method is a security mechanism used to strengthen
authentication procedures. OTPs, as opposed to static passwords, are unique and valid for only
one login session or transaction, offering an added degree of protection. OTPs can be delivered
using a variety of techniques, including hardware tokens, software tokens (mobile applications),
and SMS/email. A temporary OTP is generated when a user attempts to log in or conduct a
sensitive operation. This OTP, which is typically only valid for a limited time, must be entered in
addition to the user's usual credentials. Once the OTP is used, it becomes invalid, rendering it useless
for subsequent login attempts, even if intercepted by malicious actors. This method considerably
reduces the danger of unauthorized access, particularly in cases where static passwords may be
subject to phishing or keylogging attacks. Furthermore, OTPs are dynamic, which means that
even if a cybercriminal obtains one, it cannot be used beyond the single instance for which it was
produced, hence improving overall security.
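
The card-and-server scheme in the answer to question 2, as an added example that is not part of the original assignment: both sides derive the same code from a shared secret and the current 60-second window, and the server requires the PIN and refuses a code that was already used. The HMAC-SHA1 construction (RFC 4226/6238 style), the `AuthServer` class, the user name and the PIN are assumptions chosen for illustration; the page does not name an algorithm.

```python
import hashlib
import hmac
import struct

STEP = 60  # seconds; the page's card shows a new password every 60 seconds

def otp_at(secret, now, digits=6):
    """Code for the time window containing `now` (HMAC-SHA1 construction is an assumption)."""
    mac = hmac.new(secret, struct.pack(">Q", int(now // STEP)), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation as in RFC 4226
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

def pin_hash(pin, salt):
    return hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, 100_000)

class AuthServer:
    """Host-side software sharing each card's secret (hypothetical class)."""

    def __init__(self):
        self.users = {}      # user -> (salt, PIN hash, card secret)
        self.last_step = {}  # user -> last time window in which a code was accepted

    def enroll(self, user, pin, secret, salt):
        self.users[user] = (salt, pin_hash(pin, salt), secret)

    def login(self, user, pin, otp, now):
        if user not in self.users:
            return False
        salt, stored, secret = self.users[user]
        pin_ok = hmac.compare_digest(pin_hash(pin, salt), stored)
        otp_ok = hmac.compare_digest(otp_at(secret, now).encode(), otp.encode())
        step = int(now // STEP)
        if pin_ok and otp_ok and step > self.last_step.get(user, -1):
            self.last_step[user] = step  # burn the window: the code works one time only
            return True
        return False

def demo():
    key = b"12345678901234567890"  # published RFC 4226 test key, not a real secret
    srv = AuthServer()
    srv.enroll("alice", "4821", key, b"constructed-salt")  # constructed sample user
    code = otp_at(key, 60)
    return [srv.login("alice", "4821", code, 60),    # first use
            srv.login("alice", "4821", code, 65),    # replay in the same window
            srv.login("alice", "4821", code, 120),   # stale code in the next window
            srv.login("alice", "0000", otp_at(key, 120), 120),  # right code, wrong PIN
            srv.login("alice", "4821", otp_at(key, 120), 120)]  # PIN plus current code
```

Only the first and last logins in `demo()` succeed: an intercepted code is rejected once it has been used or its window has passed, and a valid code without the PIN is not enough.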

3. Why is inadequate segregation of duties a problem in the personal computer environment?

4. Discuss six ways that threats from destructive programs can be substantially reduced through a
combination of technology controls and administrative procedures.
5. Explain the three ways that audit trails can be used to support security objectives.
