Vous êtes sur la page 1sur 36

While physical security is important, securing your digital assets is just as

important. Access to most digital assets is protected via a password. The


password is the key to your sensitive information – files, data sets,
confidential information, among others. A password is a form of secret
authentication data that is used to control access to a resource. The
password is kept secret from those not allowed access, and those wishing
to gain access are tested on whether or not they know the password and
are granted or denied access accordingly. Passwords vary in the degree of
public awareness, security protection and frequency of change. How
secure is your password? If someone is able to guess your password, none
of the systems in the world will protect your valuable information. Your
assets are only as secure as your weakest password. Mitigating
authentication weaknesses by increasing password length and complexity
will reduce security if passwords are pushed beyond the peak of their
effectiveness. With this philosophy we aimed to research on the
awareness regarding this matter and found hopeful results.

Before we could work towards a more appropriate solution to users’


insecure password practices, it would be necessary to study the
underlying cause of these practices, which lies within users’ perceptions
of their accounts and passwords. In this thesis, we present the findings
from our study, which investigated the importance of the strength and
privacy, people place on passwords and whether they understand the role of
how weak passwords can lead to exposure of crucial information. Our findings
revealed that anyone can easily become a victim of e-crime as there are
various ways to steal your password or personal information if you are not
concerned about protecting your account and personal information
against security hazards. People are ignorant about password strength.
Research has proved that passwords are commonly shared and not kept
private by people, same passwords are used for multiple accounts, people
are unaware of data stealing software, there is fear in using E banking;
credit cards, online banking etc.

~ 1 ~
Introduction:
With the advent of the internet, various aspects of life have been
revolutionized; everything has been taken to a different level. Amongst all
these revolutionary changes is the shifting of trends concerning data
security. Gone is the time when lock and key were supposed to be kept
hidden. This is the digital era where everything is accessible by the click of a
button. With the banking industry also being revolutionized by information
technology, the biggest threat to its modernization and adaptation is threat
of data security. Internet banking allows its users to conduct a variety of
tasks from the comfort of their homes, once thought impossible. Various
internet services are being provided by banks globally from as simple as
checking bank account balances to the wire transfer of millions of dollars at
the click of a button. With any new solution comes a problem and with that
problem comes a solution waiting to be unearthed. Internet banking while
having brought the ease and convenience of transacting from the comfort of
one’s home or office brings with itself the very real exploitation threat. There
has been an increasing number of electronic crime cases reported or rather
more commonly known as e-crime. E-Crime generally refers to a criminal
activity where a computer or computer network is the source, tool, target, or
place of a crime. Despite the unavoidable references to ‘computers’ or
‘online activity’, e-Crime encompasses a whole range of ‘traditional’ crimes -
such as fraud, theft, blackmail, forgery and embezzlement. For the sake of
our discussion and to simplify the definition this report will deal with e crime
as defined by criminal activity where personal and financial information is at
stake because of weak or inadequate network security. Exploitation can
occur during various stages. This report will deal with shortcomings in
security on part of the user, pertaining to password setting, one of the most
basic aspects and something that the user can control arbitrarily.

For the progress of online financial services offered by banks to gain pace,
specially in an under developed country like Pakistan, where most people
hesitate in getting involved in the banking sector due to religious reasons,
the only way internet banking can gain popularity and be accepted is when
the benefits of the above are widely published and all threats eliminated or
at least diminished. Banks benefit from offering this service due to its low
costs and economies of scale. The cost for serving 100,000 customers is
virtually the same as serving 10,000. Hence this system boasts of huge
savings for banks. For the users, the major advantages are convenience and
accessibility on-the-go, with a wide range of attractive internet packages

~ 2 ~
being offered by telecom companies this serves as a rich ground for the
growth of internet banking.

One of the key aspects of security, the most basic and the first step to
understanding the importance of security is the significance of a good
password. A strong password can protect personal and financial information
from those wishing to exploit along with supplementary albeit equally crucial
measures. Since there has been virtually no research conducted in this area,
in Pakistan, we would like to take this opportunity to research on the
awareness of the importance of passwords people place on them.

Methodology:
The rationale behind this research is based on the belief that many people
do not pay adequate attention when setting passwords. The focus of this
study is to identify the importance of the strength and privacy, people place
on passwords and whether they understand the role of how weak passwords
can lead to exposure of crucial information. A direct issue arising from this is
of people revealing personal information which may seem harmless, but can
be a deadly arsenal for someone waiting to exploit and compromise the
situation of such people.

A questionnaire was designed comprising of 15 questions was used to


conduct a sample survey in order to evaluate from respondents on how
passwords are chosen and whether the same passwords are assigned for
multiple accounts and how careful people are when it comes to discussing
seemingly irrelevant personal information. The questionnaire aims to identify
areas of vulnerability. The sample population was aged above 25 years of
age and working in diversified professions, and was tested about the
importance of personal information and about the subjectivity of a “good
password”. With the result we will aim to prove how the weakness of a
password contributes to risk of personal and financial information, and how
awareness of this matter can help with the promotion of E banking.

~ 3 ~
Literature Review:
Passwords have been a necessary part for most of the online activities
people do. We require passwords to protect our data and accounts form Data
Snatchers, who’re constantly looking to access our data. Passwords are
actually the keys that help the hackers to open up the accounts you exercise
most of the time on the internet i.e. your email, bank account, social
networking websites, etc. So, people who use single password for various
accounts can put their valuable information or money at risk. Single
passwords actually help hackers to snatch what you have because using the
same password for various times on different web sites helps them to
“crack” the password easily.

Previous studies have shown that users often write their passwords down,
and post them in obvious locations (Barton and Barton 1984; Adams and
Sasse 1999; Dhamija and Perrig 2000; Horowitz 2001). Users often
create weak passwords based on obvious dictionary words or personal
information, which can be guessed by people who know enough about them.
These weak passwords include birth dates, personal names, nicknames,
names of partners or favorite celebrities, and even the word ‘password’
(Riddle, Miron et al. 1989; CentralNic 2001; Sasse, Brostoff et al.
2001; Brown, Bracken et al. 2004). Password sharing between friends
and work colleagues has also been noted as a common practice. Many users
do this because of convenience and practical reasons (Adams and Sasse
1999), or as a result of social pressure. A recent study (Gaw and Felten
2006) showed that password reuse tends to increase as people accumulate
more accounts. Ives, Walsh et al. (2004) described the ‘domino effect’ of
multiple systems being susceptible to attacks because of password reuse.

Morris and Thompson (1979) studied a corpus of 3,289 passwords from


many users over a long period of time and discovered that 86% of these
passwords were extremely weak. Riddle, Miron et al. (1989) analyzed
6226 user generated passwords from IBM CMS environment used by
students and staff at Syracuse University in 1987, finding that many
passwords were extremely short and consisted of English words or persons’
names. Adams and Sasse (1999) conducted a study of password related
user behaviors, including password construction, frequency of use, password
recall and work practices. They concluded that their participants lacked
security motivation and understanding of password policies, and tended to
circumvent password restrictions for the sake of convenience. Dhamija and
Perrig (2000) conducted an interview-based study involving 30
participants. Similar to Adams and Sasse, they concluded that participants

~ 4 ~
tended to find ‘workarounds’ to circumvent system restrictions, which often
resulted in insecure password practices.

Know Hacking! But No Hacking:


People should be aware of the hacking techniques or they should make an
effort to know about the security threats they face in the cyber world. There
have been many real life cases and dozens of people who have become a
victim of e-crime and they have lost their valuable information or money just
because they were least bothered of the security hazards on the internet.
Another reason that why people should be concerned about their important
information is because the favorite target of hackers are home and home-
office computers because these computers are mostly connected to the
internet through a broadband and the connection is always open so the
hackers can easily locate these computers with the help of the scanners.

A few of the cases are mentioned below to let people know the importance
that they should be aware of the hacking techniques to safeguard their
online activities or they should keep their keys (passwords) strong enough to
be revealed by the hacker.

Credit Card scam


Credit cards have become a major source of electronic payment system and
it is widely used by the people to make online purchases of airline tickets
and other e-commerce transactions. Although major security actions (such
as SSL, secure web servers, etc.) have been implemented in websites but
still number of credit card frauds are increasing.

The scenario

A number of times people have complained that they have not made any
purchases for which they’re asked to make payments. It happens because
the victim’s credit card information is stolen by the Data Snatchers and they
misuse it for making online purchases and then the victim is asked to make
payments. Actually the bad guy or the Data Snatchers are liable who have
stolen the valuable information of the credit card holders as well as those
who have misused it.

~ 5 ~
The suspect install key loggers1 and other password revealing softwares in
public computers such as cyber cafes, airport lounges, etc and the innocent
people use these computers to make online purchases and when they enter
their credit card information; it is emailed to the suspect. Another technique
to know about the victim’s credit card information is the various people
who’re actually using your credit card to make receipt for your purchases
such as petrol pump attendants, hotel waiters who note down the
information and later sell it to criminal gangs that misuse it for online frauds.

Keeping passwords safe:

Passwords and pin numbers should not be written down anywhere to


remember and should not be disclosed to anyone. According to a recent
study, researchers have suggested that passwords should be difficult to
guess i.e. “strong” passwords rather than obvious passwords, such as
mother’s name or date of birth, etc.

Obama Twitter account 'hacked by Frenchman'

Anyone can easily become a victim of e-crime as there are various ways to
steal your password or personal information. This is what happened to the
American President Barack Obama.

The unemployed 25-year-old Frenchman recently hacked twitter accounts


belonging to Obama by simply guessing user’s passwords. He has also
targeted other celebrities, including Britney Spears.

He accessed the accounts by simply working out answers to reminder or secret


questions on targets’ e-mail accounts, according to investigators.

1 A commonly used technique to steal password is key logger. It is actually a spyware


and if it is installed in computer and you access your email account through that
computer then you’ll definitely lose your password because it records each and every
keystroke that you type.

~ 6 ~
Attacks on Password Authentication Mechanisms
User End

Classification of attacks on password authentication


mechanisms based on the targets of the attacks: 1.
Attacks on the user end 2. Attacks on the communication
channel 3. Attacks on the system end.

~ 7 ~
Questionnaire Findings
Question 1:
How do you access internet?

Question 2:
Do you use the same password for multiple accounts?

~ 8 ~
usually

33.3%
never

40.0%

yes

26.7%

Question 3:
How many characters do your passwords usually have?

Question 4:
What kind of passwords do you prefer? Tick as many as applicable

~ 9 ~
Question 5:
What do your passwords usually look like?

Question 6:
Do you share your passwords with anyone? Tick as many as applicable

Question 7:
Are you aware of any software (Password Revealer, spywares) that can be
installed on your computer to retrieve passwords entered on various
websites?

Question 8:
Do you think strong passwords can help keep financial information secure,
and virtually risk free from hack attacks?

~ 10 ~
disagree

13.3% strongly agree

23.3%

neutral

30.0%

agree

33.3%

Question 9:
Do you trust Internet cafe or Internet library?

Question 10:
Would you use your credit card for shopping online and other transactions?

~ 11 ~
always

13.3%
never

26.7%

frequently

30.0%

rarely

30.0%

Question 11:
Do you think there is a fear using credit card?

Question 12:
~ 12 ~
If yes, then if there is an arbitrary password associated with using your credit
card information would you use your credit card then?

dont know
43.3%

no

23.3%

yes
33.3%

Question 13:
Do you conduct transactions using your online bank account?

no

46.7%

yes

53.3%

Reasons for not using online bank account to conduct transactions:


~ 13 ~
Question 14:
Have you been or know someone who has been a victim of E-crime?

Question 15:
What do you think is the reason behind increasing cases of Electronic
crime?
Tick as many as applicable

Research Analysis
The research based on response of the sample population of 30 individuals,
ages above 25, professions ranging from lecturer to industrialist, to banker
and sub editors of newspapers, from freelance software writer to production
manager. Thus this ensured the sample population came from different
backgrounds and were exposed to different circumstances.

~ 14 ~
The results of the questionnaire about accessing the internet showed that
cable internet was the most popular means of access while DSL and wireless
competing for the second and third popular spots. Satellite internet or any
other means to access the internet received zero responses. It shows that
most of the users of internet are accessing it through cable network which
requires higher safety than DSL or any other means i.e. personal firewall is
needed.

Ways to access Internet Frequency Percent (%)

DSL Internet 8 25

Cable Internet 16 55

Satellite Internet - 0

Wireless Internet 6 20

Others - 0

Total 30 100.0

Our assumption that people prefer to have the same passwords for various
accounts was based on the belief that about 80% of the population would
conform to this. On the contrary, the results showed only a small minority of
26.7% always set the same password while 33.3% “usually” used the same
password. This could signify that important accounts like banking or private
business email accounts had different passwords while other less important
ones had invariably the same passwords. What was surprising was a majority
of 40% of the sample chose “never” meaning that they never chose the
same passwords for multiple accounts. This result was extremely favorable
since it showed that even if passwords were compromised, information from
all of an individuals’ account would not be misused.

Same password for Frequency Percent (%)


multiple accounts

Always 8 26.7

~ 15 ~
Never 12 40

Usually 10 33.3

Total 30 100.0

Considering the strength of the password which in itself is very subjective,


we received slightly unexpected but promising results. Of the three
questions that tested on its subjectivity, one was based on the length of the
password, (the more the number of characters in a password the stronger it
is,) the keys used in the password, (alphabets, numeric and special keys,)
and whether any personal information was used in the password that people
around a person are familiar with, (names, pet names, name of spouse,
phone number, date of birth). This question also seeked any other ideas for
passwords that people used. Results showed a 50% of the sample population
used 7 to 9 characters when setting their passwords, with the rest almost
equally divided between 4 to 6 and more than 9 characters per password.

Number of characters Frequency Percent (%)


passwords usually have

4-6 7 24.8

7-9 15 50

More than 9 8 25.2

Total 30 100.0

There were mixed results to the question which inquired about the
information used in the passwords. While an overwhelming majority did not
used any obvious personal information like their own or their spouse’s name
or even phone numbers, a surprising 50% of the population confirmed to
using their pet names in their password. This proves our assumption and also
exposes vulnerability. People need to understand that using information that
is commonly known among peers can prove to be dangerous and lead to
damaging results. People who do not use any personal information in their
passwords cited other ideas for the same. From names of cars and
medicines, to random phrases, things they like, and initials of phrases and a
combination of dates and numbers.

~ 16 ~
Use of Personal Info Yes No Yes % No %
Date of Birth 5 25 16.66667 83.33333
Nickname 15 15 50 50
Phone number 5 25 16.66667 83.33333
Spouse's name 3 27 10 90

The most favorable result of the research pertained to what a password was
constructed of, i.e. 50% of passwords had at least two types of characters
either i) alphabets and numeric, ii) numeric and special keys, or iii) alphabets
and special keys while another 36.7% used all three types of characters in
their password. Only a small minority of 13.30% used simple passwords. The
result although encouraging, highlights a key component that people do not
place importance on their passwords even though many websites now
provide the testing of one’s password. They require the password to be
entered and a bar will show the strength of the password whether weak,
moderate or strong. Since these tools are easily available and there is the
strong likelihood that individuals are aware of these tools due to the
widespread availability, the mindset is such that even strong passwords
would not protect data against a hacker. While true in some cases, a
password can protect against hackers contrary to the beliefs of many.

Preference for Frequency Percent (%)


passwords

Simple alphabets 4 13.30

Alphabets and numeric 12 40

Alphabets and special 2 6.70


keys

Numeric and special 1 3.30


keys

All of the above 11 36.70

Total 30 100.0

~ 17 ~
Concerning the sharing of passwords, 14 of the 30 people surveyed
responded that they did share their passwords while the rest of the 16 did
not share their passwords. Of the 14 people who do not keep their passwords
to themselves, 50% shared their passwords with their husbands or wives
while 4 people each responded to having shared their passwords with friends
or siblings while an insignificant minority of 2 people out of the 14 admitted
to having shared their passwords with their boyfriend or girlfriend. The
assumption behind this question was respondents would be more likely to
share their passwords with their respective spouses and girlfriend/boyfriend.
This was however invalid as people also shared such information with their
friends and siblings. The results were skewed towards the unfavorable side
since trusting people with crucial key combinations of bank accounts and
credit card information can leave one penniless if one ever came across a
person who wanted to misuse such financial information.

Password Sharing Yes No Yes % No %


Share passwords 14 16 46.66667 53.33333
Share with friends 4 10 28.57143 71.42857
Share with siblings 4 10 28.57143 71.42857
Share with spouse 7 7 50 50
Share with
girlfriend/boyfriend 2 12 14.28571 85.71429

The most disappointing result of this research was the question which
surveyed awareness about various softwares that can steal passwords off
computers if installed on them. These softwares are likely to across in public
computers at airports, internet cafes and other public places. Once the login
and password is entered it is stored and can be retrieved either by accessing
that same computer or even from an off location computer by accessing it
through the internet. This can lead to various information being
compromised, more so because there is a severe lack of awareness about
such software. An astounding 56.7% of the people pledged to be unaware of
the existence of any such software. This result was highly disappointing
because of the nature of the sample population. Aged above 25 and having
used the internet extensively for about 5 to 7 years they were oblivious to
potentially damaging programs.

Awareness of Passwords Frequency Percent (%)


revealers, spywares

Yes 13 43.3

No 17 56.7

~ 18 ~
Total 30 100.0

When asked about whether respondents thought passwords could help keep
their financial information secure, 56.6% agreed to this statement while 30%
were unsure about it. A mere 13.3% of the responses disagreed with the
statement. This result is reassuring and although not as strongly seen in
other conclusions of this research objective that states a majority of people
may not choose the characters in their passwords carefully.

Strong passwords keep Frequency Percent (%)


financial information
secure

Strongly Agree 7 23.3

Agree 10 33.3

Neutral 9 30

Disagree 4 13.3

Strongly Disagree - -

Total 30 100.0

When inquired about whether they trusted computers in public places, 90%
said no. Despite the population being unaware of why publicly logged in
computers are unsafe, there is a severe lack of trust in the same. Although
contrary to the previous result, this result is encouraging. At least the
population is aware that such places are not to be trusted.

Trust computers in public Frequency Percent (%)


areas

Yes 3 10

No 27 90

~ 19 ~
Total 30 100.0

Concerning the next aspect of this research report, about the use of financial
transactions available online, many people indicated a fear of using credit
cards and online banking accounts. 90% of the responses stated that there
was some fear associated with using their credit cards but despite this fear
only 56.7% of the people answered that they rarely and never used their
credit cards due to this fear that their information could be misused and they
could be charged for expenses they did not actually incur. In such cases if a
bank is notified that a credit card has been misused, usually the person to
whom the credit card has been issued to, does not have to pay if he can
prove that he did not authorize the transactions. In some cases where the
person cannot prove the same, he is liable to pay or the bank can assume a
limited liability role depending on the rules of the issuing bank. Bottom line
being many individuals believe there is a risk when using credit cards. This
result is highly contrasting to that of more developed countries. In the USA
for example, even everyday groceries are purchased by credit cards where
as in Pakistan, a large investment such as a car is also paid for by cash. Thus
there is huge shift in mindset that needs to occur before widespread
acceptance of credit cards. This can be achieved if people start accepting
that credit cards can be protected against misuse.

Online usage of credit Frequency Percent (%)


cards

Always- it’s very 4 13.3


convenient

Frequently-Prefer online 9 30.0


transaction more

Rarely- Prefer cash 9 30.0


rather than credit card

Never-too risky 8 26.7

Averse to interest - -

Total 30 100.0

A suggestion to accompany this question was whether respondents would


trust and use credit cards if there was an arbitrary and independent
password associated with their accounts: any such information that was not
~ 20 ~
available on the face of the credit card itself in case it was stolen. Generally
a credit card transaction requires the credit card number, the expiration
date, and in some cases a 3 digit pin code, all embossed on the credit card. If
this smart card were to be stolen, funds associated with the credit card
account could be used for transactions. If a password had to be entered
before authorizing the transaction for the credit card it would be safer since
it would not be printed on the credit card itself. ATM cards use this method; a
4 digit pin code is required after inserting the card in the ATM slots before
cash can be withdrawn. This is known as double verification of identity and is
a much safer means of conduction transactions which will also encourage
use of credit cards and even debit cards which work in almost the same way.
Of the 66.7% who stated that they did not use their credit cards, 33.3%
stated that it would be safer if an independent password accompanied their
account and would use their credit cards in such a scenario.

Fear using credit cards Frequency Percent (%)

Yes 20 66.7

No 10 33.3

Total 30 100.0

Arbitrary passwords Frequency Percent (%)


with credit cards

Yes, ensures stolen 10 33.3


credit card won’t be
used

Don't know 13 43.3

No, it still is risky 7 23.3

Total 30 100.0

Online bank account usage has not caught on much in this country. The
reasons are many. From not having the necessity to use the bank account,
since even some business transactions are carried out with cash, religious
reasons based on interest being haram, and the risk factor associated with
online transactions, it discourages people from using an extremely
convenient method of managing their finances. 53.3% report using their
banks online accounts, the figure being positive, can also simply mean that

~ 21 ~
bank balances are checked using the service. Hence this result is ambiguous.
When the 46.7% of the people who do not use online services were asked to
quote a reason, they varied from security issues to having no needs for such
services while 20% also stated that their banks did not provide such service
yet. This is also a significant finding since the non-availability of online
banking services denotes slow adapting of the banking industry.

Online bank account Frequency Percent (%)

Yes 16 53.3

No 14 46.7

Total 30 100.0

Another result stemming from above conclusions of the lack of integration of


internet services and banking in this country is seen from the awareness and
cases of E crime. 66.6% reported that they had not been nor were they
aware of any individual who had been a victim of electronic crime concerning
bank accounts or credit card scams. In the developed world, such cases
widely come to light and are propagated through the media and news
channels. There were no official statistics available but the information on
various cases posted at least proved that if electronic crime cases are
unearthed they are publicly condemned so that people can be aware of the
various ways they can threatened with. This leads to better security.

Victim of E-crime Frequency Percent (%)

Yes 10 33.4

No 20 66.6

Total 30 100.0

The reasons behind increasing cases of e crime were reported and a 22 out
of 30 voted for loopholes in technology used, for example bugs in software or
inadequately performing anti-virus editions and so on. Only 10 people
reported that simple passwords could be behind e-crime while password
sharing received just above 50% of the votes. Other reasons quoted
concerned the naivety of people which leads them to be exposed. This result
also confirms that respondents did not believe strong passwords could
contribute to security of data.

~ 22 ~
Reasons behind Ecrime Yes No Yes % No %
Simple passwords 10 20 33.33333 66.66667
Sharing of passwords 16 14 53.33333 46.66667
Lack of antivirus 15 15 50 50
Loopholes in
technology 22 8 73.33333 26.66667

Statistical analysis:
Hypothesis 1:
Ho= No awareness of any software that can retrieve passwords
Ha=Awareness of any software that can retrieve passwords

R you aware of softwares that can retrieve your


Are
2
-1
3
yn
T
O
E
password?
.7
3
5
2
0
o
xb
e
t.0
sp
0
a
ie
crl
d
tv
u
e
a
ld

~ 23 ~
a
a you
.T
1
C
d
A
sAre
Can
P
0
5 retrieve
aware
your
of
e
5
0
sfh
o
.a
csfyi3
-3
stm
e
T
S
p
lw
h
S
.q
a
lo
e
t
sru
a
S
e
d
m
srt
i(?
i
e
.g
n
t.s
i0
t
h
%
m
i
)a
u
tc
m
s
h
a
e
xv
e
p
e
ce
tx
p
e
e
d
c
ct
e
ld
l
f
fr
re
q
e
u
q
e
u
n
e
c
n
ci
ye
s
i
sl
e
s
1
s
5
.
t
0
.h
a
n

Rejection region:

Reject Ho if X-value<0.05
~ 24 ~
Conclusion:

Since X-value is less than 0.05 i.e. 0.03 so we reject Ho and conclude that
people aren’t aware of any software that can retrieve passwords.

Hypothesis 2:
Ho= Strong passwords cannot keep financial information secure
Ha=Strong passwords can keep financial information secure

strong pass can keep fin info secure?

Observed N Expected N Residual


strongly agree 7 7.5 -.5
agree 10 7.5 2.5
neutral 9 7.5 1.5
disagree 4 7.5 -3.5
Total 30

~ 25 ~
a
.T
3
C
d
A
icS
0
5
a
e
0
tsfh
a
.n
s
ryi0
cfn
t
2
-5
m
o
e
T
5
S
p
lkn
h
S
.q
lsg
e
t
u
se
a
S
cp
m
rt
a
i(u
i
e
.rfsg
n
s.
e
i0
t
n
?
%
m
)i
u
c
m
s
h
a
e
xv
e
p
e
ce
tx
p
e
e
d
c
ct
e
ld
l
f
fr
re
q
e
u
q
e
u
n
e
c
n
ci
ye
s
i
sl
e
s
7
.s
5
.t
h
a
n

Rejection region:

~ 26 ~
Reject ho if X-value<0.05

Conclusion:

Since X-value is less than 0.05 so we fail to reject Ho and conclude that
strong passwords can keep financial information secure.

Hypothesis 3:
Ho= People don’t trust internet cafes
Ha= People trust internet cafes

~ 27 ~
R
D
2
-1
3
yn
T
O
E
7
2
5
1
0
o
xb
e
.
t2
sp
y
.0
a
ie
o
crl0
d
tv
u
e
a
t
ld
r
u
N
s
t

i
n
t
e
r
n
e
t

c
a
f
e
s
?

~ 28 ~
a
a
.T
1
C
d
A
ciD
0
5
e
9
1
sfh
o
n
.a
.s
cftyi2
t
2
-4
ym
e
T
0
S
p
lsro
h
S
0
.q
u
n
l?
e
t
u
se
a
tS
m
i(rt
i
e
g
.u
n
s.
i0
t
%
m
)i
u
c
m
s
h
a
e
xv
e
p
e
ce
tx
p
e
e
d
c
ct
e
ld
l
f
fr
re
q
e
u
q
e
u
n
e
c
n
ci
ye
s
i
sl
e
s
1
s
5
.
t
0
.h
a
n

Rejection region:

~ 29 ~
Reject ho if X cal<0.05

Conclusion:

Since X calculated is greater than 0.05 so we fail to reject Ho and conclude


that people don’t trust internet cafe or library.

Hypothesis 4:
Ho= There is no fear using credit cards and online bank accounts
Ha= There is fear using credit cards and online bank accounts

~ 30 ~
-R
2
1
5
3
yn
T
O
E
.5
0
o
xb
e
.
t0
sp
0
a
ie
crl
d
tv
u
e
a
ld

I
s

t
h
e
r
e

f
e
a
r

u
s
i
n
g

c
r
e
d
i
t

c
a
r
d

~ 31 ~
a
T
.3
1
d
iA
u
C
0
5
a
e
0
sfh
.a
s
3
criy0
3
-5
tm
n
d
e
T
3
S
p
g
l?
h
S
l.q
e
t
scru
a
S
re
m
rt
i(e
i
e
g
a
.d
n
.s
i0
tf
%
m
i
)e
u
c
a
m
rs
h
a
e
xv
e
p
e
ce
tx
p
e
e
d
c
ct
e
ld
l
f
fr
re
q
e
u
q
e
u
n
e
c
n
ci
ye
s
i
sl
e
s
1
s
5
.
t
0
.h
a
n

Rejection region:
~ 32 ~
Reject ho if X cal<0.05

Conclusion:

Since X-value is less than 0.05 we reject Ho and conclude that people have
fear using credit cards.

Statistical Analysis

Awareness of Software

People aren’t aware of any software.

Financial Information Secured


Strong passwords can keep financial informat

People don’t trust internet cafe or library.


Password
People have fear using credit cards.
Trust Internet Cafe

~ 33 ~
Fear using credit card

Conclusion

Internet banking, a relatively new phenomenon in our part of the world, has
unleashed its opportunities almost suddenly. So fast that many users of this
technology are still not able to grasp the abilities and consequences of the
same. With our research we aim to prove that once basic internet security is
understood by our population, acceptance of internet banking will follow
hand in hand.

Our questionnaire was designed with a purpose to survey the understanding


of the vitals of internet security keeping in mind the future of internet
banking. It was aimed to test the basic knowledge behind security threats
and what we must do to safeguard our data.

Statistical evidence showed that there were certain shortcomings regarding


awareness but at the same time some results were better than our
assumptions behind the research.

Most of our assumptions behind this research were proven true. These
assumptions were:

• People are ignorant about password strength


• Passwords are commonly shared and not kept private
• Same passwords are used for multiple accounts
• Unawareness of data stealing software

~ 34 ~
• Fear in using E banking; credit cards, online banking etc.
• Unawareness about the reasons behind increasing rates of e-crime

Our research has proven that anyone can easily become a victim of e-crime
as there are various ways to steal your password or personal information if
you are not concerned about protecting your account and personal
information against security hazards.

Recommendations

Considering the sensitive nature of security, personal and financial security,


there are certain aspects that need to be published and highlighted. With an
increasing number of cases ranging from financial and identity theft, there is
a dire need to incorporate security measures. To protect one from such
dilemma, the following measures need to be implemented:

• Creating strong passwords for all accounts no matter how unimportant


they seem.

• The greater the variety of characters in your password, the better.

• Multiple passwords for multiple accounts.

• Avoid sharing passwords unless absolutely necessary.

• Avoid entering personal and financial information on public terminals.

• To limit the risk of your password being cracked, it should be at least 8


characters long and include letters (both upper and lower case), digits
and punctuation.

• You should change your password regularly and always after a trip
where you could have exposed your password at a remote site.

~ 35 ~
• Investing in a good antivirus to protect information.

To encourage banking transactions through the internet, banks can


implement the following details:

• Use multiple factor authorization.

• Allow entering only a specific number of characters for a password, but


different every time such as UBL’s online banking.

• Use passwords along with credit card numbers to authorize


transactions.

• Educate their clients about banking security.

Bibliography

http://www.utexas.edu/its/secure/articles/importance_strong_passwords.php

http://www.associatedcontent.com/article/137084/the_importance_of_choosi
ng_strong_computer.html

http://www.spamlaws.com/data-security-importance.html

http://crpit.com/confpapers/CRPITV98Notoatmodjo.pdf.

Exploring the ‘Weakest Link’: A Study of Personal Password Security, Gilbert


Notoatmodjo, 15 July 2007

“Passwords and Perceptions” by Gilbert Notoatmodjo and Clark Thomborson

~ 36 ~

Vous aimerez peut-être aussi