Midterm Assignment No1 ACCT112 4BSA
ACCT112 4BSA
1. How can passwords circumvent security? What actions can be taken to minimize this?
Password management is critical for reducing security threats. Weak passwords, and passwords
reused across several accounts, can be abused, exposing users to attacks. Phishing attempts, in which
users are tricked into giving up their passwords, continue to be a serious concern. Credential stuffing, social
engineering, insider threats, and insufficient encryption exacerbate these dangers. Organizations
should enforce strong password policies, encourage unique passwords, implement multi-factor
authentication, and educate users about potential dangers to mitigate these risks. Regular
training, stringent access control, secure password recovery mechanisms, and current encryption
technologies are all required. Furthermore, keeping up with software updates and using intrusion
detection systems can help to harden defenses, making it more difficult for attackers to exploit
password-related weaknesses. To protect against these security breaches, software is also
available that only permits smart passwords and one-time passwords to be used in conjunction
with smartcards.
The one-time password (OTP) method is a security mechanism used to strengthen
authentication procedures. OTPs, as opposed to static passwords, are unique and valid for only
one login session or transaction, offering an added degree of protection. OTPs can be delivered
using a variety of techniques, including hardware tokens, software tokens (mobile applications),
and SMS/email. A temporary OTP is generated when a user attempts to log in or conduct a
sensitive operation. This OTP, which is typically only valid for a limited time, must be entered in
addition to the user's usual credentials. Once the OTP is used, it becomes invalid, rendering it useless
for subsequent login attempts, even if intercepted by malicious actors. This method considerably
reduces the danger of unauthorized access, particularly in cases where static passwords may be
subject to phishing or keylogging attacks. Furthermore, OTPs are dynamic, which means that
even if a cybercriminal obtains one, it cannot be used beyond the single instance for which it was
produced, hence improving overall security.
4. Discuss six ways that threats from destructive programs can be substantially reduced through a
combination of technology controls and administrative procedures.
5. Explain the three ways that audit trails can be used to support security objectives.