Introduction
With the advent of the internet, the use of computer has grown at a large scale. Almost every industry in the world has been using a computer, almost for every one of their tasks. The use of the internet has not only opened the gates of benefits but also created some critical problems associated with the information and the data handled through computers and delivered across the internet. One of these problems is the use of the password. The importance of a strong password is of no questioning. Despite being the truth that passwords are intended to secure the system, a lot of people are unaware of it and take it as a corporate responsibility that should be fulfilled (Cole, 2002). Datamatix is one of the leading global knowledge providing group of the world having more than thirty years of experience. Besides providing the training and education to the individual organization in order to make them excel in their business, the group also provides them with IT solutions. One of the IT services provided by Datamatix group is the “Data Bank”, a secure online place for the information and data for different client groups and firms. As par, the information given by the Datamatix about their “Data Bank” service, the security of the data stored at their servers is one of the primary aspects of their heterogeneous data privacy policy (“DataBank”, 2019). But since passwords play an important role in the security of any electronic information and data, the need for password visualization and authentication is hence required.
The idea or purpose of this project is to identify the loopholes in the security system of the “Data Bank” service of the Datamatix, especially in terms of the weak passwords using multiple techniques such as password visualization, password authentication and so on. The other key purpose of this project is to define the guidelines for the users of the “Data Bank” services, for setting up a complex password and using them without any complications. The key stakeholder for this project will be the Datamatix group. The other relevant information about the project is as follows:
| Project Title | Password visualization and Authentication System for the “Data Bank” | ||
| Project Sponsor | |||
| Project Manager | |||
| Start Date | 28th Feb 2019 | Projected Finish Date | 30th Apr 2019 |
| Roles and Responsibilities | |||
| Name | Project Role | Position | Contact |
| Sponsor | |||
| Project Manager | |||
| Team Member | |||
| Team Member | |||
| Milestones and Deliverables | |||
| Milestones | Deliverables | Expected Date | |
| Distribution of the responsibilities of the project team | 28th Feb 2019 | ||
| Study of the current security system of the Data Bank | 2nd Mar 2019 | ||
| Report on the current situation of the security infrastructure | 9th Mar 2019 | ||
| Development of the project plan and team meets. | 16th Mar 2019 | ||
| Final discussion with the organizational members about the project | 23rd Mar 2019 | ||
| Actual development of the password authentication system | 30th Mar 2019 | ||
| Delivery of the password visualization and authentication system | 13th Apr 2019 | ||
| Delivery of the guideline and policy for complex and strong password creation | 20th Apr 2019 | ||
| Final report submission | 27th Apr 2019 | ||
| The final meeting of the project | 30th Apr 2019 |
Project Description
This section will give an insight into the different aspects of the project. These aspects will be the objectives of the projects, the scope of the project, the criteria of the success of the project, the approach used during this project and the constraints and assumptions made during this project. These aspects will provide with the overview of the topic of the project and give support for the next stages of the research by also providing with the relevant arguments.
Project Objectives
The main objective of this project is to highlight the importance of the password visualization and authentication for creating a secure system. And to establish the guidelines about the complex password creation and the use of them, that not only help the key stakeholders of this project, i.e. Datamatrix to achieve the maximum security for their service as promised by them in their privacy policy but also to make the clients and users of the “Data Bank” aware of the need for a strong password.
The project will also discuss different visualization techniques used for the password assumption especially the ones that are complex in nature. These password visualization techniques may be of different types such as hash visualization, image grid visualization and so on. The system related or chosen for the application of these techniques will be the “Data Bank”, because of the large number of its user and the need of the security for the system as it is developed the industry’s leading knowledge provider (“Datamatix – The Power of Trust”, 2019). This project also aims to identify the weakness in the IT structure of the above-mentioned organization especially in the database system of the organization. So that the organization can achieve what they are aiming for their future. In short, the objectives of the projects are as follows:
- This project is designed to provide the Datamatix group with an upgraded and up-to-date solution for their data saving and serving service i.e. “Data Bank”, that is designed and developed in order to provide the clients of the Datamatix with a central location and solution for their data and information related problems.
- This project will help the organization in achieving their “Datamatix 2020” strategy of strengthening their position by offering the regionals government and other corporate and business structures and human resources, their services so that they can revolutionize the world while promoting the global peace.
- The project is also aimed to acquire the most secured system regarding the passwords and authentication for the clients of the Datamatix so that they don’t need to be watchful about their data.
- The project at the same time will try to deliver a guideline and awareness about the need for strong passwords in the time of hacking, as providing the knowledge is the main objective of the organization.
Project Scope
The scope of this password visualization and authentication project has a wide area of coverage. The objectives and aims that are included in this project are as follows:
- The identification of the current security state of the system of the “Data Bank”.
- The identification of the password strength through different tools of visualization.
- The delivery of the guidelines for strong and more secure passwords.
- The selection of the most suitable password authentication and visualization solution for the Datamatix.
At the same time, the boundaries of the projects i.e. the stakeholder of the project are Datamatix. Datamatix is one of the leading knowledge providers in the middle eastern region of the world. It is almost thirty years old with a great record for the development of knowledge management. The key aim of this organization is to highlight the administrative efficiency of organizations in terms of social, technological, economic, managemental and leadership. So that the foundation of the client organization met the global standards and can help them compete in the global market (“Datamatix – The Power of Trust”, 2019).
Although, Datamatix have a large number of services offered to its clients, the project mainly focuses on one of its key service i.e. “Data Bank”. Data Bank is the most effective and cost-efficient business intelligence system developed by Datamatix that help organizations in improving their planning, implementing and controlling activities by giving them support to store, collect, access and analyze the data related to them (“DataBank”, 2019).
The corporate data collection and its manipulation hence required strong security as promised by Datamatix in their privacy policy. The security of an online data is directly related to the strength of the authentication and accessing process which in turn is directly related to the strength of the password. Passwords are found to be critically important not in terms of the individual privacy but also for the protection of unauthorized access of the data and are the most cost-effective method of the security (Cole, 2002). Since passwords are set up by the users therefore in order to make the authentication process more secure the involvement of the users is therefore also having great importance. To involve the users and make them aware of the need for a secure password this project will try to deliver a set of guidelines and policy related to the password authentication and strength.
The assumption made for this project is that Datamatix will be providing the related access and information to the researchers, as and when needed. The company and its employees will also help in creating an environment, friendly and healthy enough to be supportive in nature for the bringing up of the projects and acquiring the objectives of the project as mentioned earlier. No steps or act that may result in the alteration of the results of the project or that can hinder the project itself must not be taken by the organization and its derivatives during the project phase.
Literature Review
A lot of literature has been available regarding the password visualization and the password authentication methods and techniques. Similarly, a lot more of the literature is available regarding the complex and strong passwords. The project planned and proposed here is therefore not a new one or have a novel approach. Different projects regarding password visualization are available.
A paper about “User password repetitive patterns analysis and visualization” by Yu that was published in 2016 in the journal of “Information and Computer Security” not only highlights the findings of an in-depth analysis of different case studies of real-world data sets but also describes the need of the password visualization and authentication. This provides with the basis of the general trend of the passwords that the user thinks to be safe and that are actually not so safe to crack up. This paper provided us with different views on to look back at the research and the technical defects that may be encountered during the project. How to visualize and determine the patterns and frequency and how that can be used in developing the new privacy policy and password guidelines for the “Data Bank” users is also can be understood using this paper.
The use of password masking is been controversial as it makes the users less comfortable and more prone to make a mistake. The improving in password cracking has also initiated the policy of long and strong password that in turn also affected the password masking. The wiping out of data, in some cases has also required the password to be typed clearly and erroneously. But on the other hand, at the same time, the shoulder surfing resulted in the need of the password masking to be considered regularly in terms of the password visualization techniques (Gruschka & Lacono, 2010). There are multiple techniques that have been developed so far and can be beneficial for the project. These techniques such as the “Half Mask”, “Chroma Hash” and “Transparent Mask” are found to be effective and required to be considered as one of the technical aspects of the project.
In order to analyze the different approach and methodology the paper by Xiujia and the fellows about the visualization and estimation of the password is found to be helpful. The interconnection in between the password and how it can be visualized to determine the security level of the current password trend. This paper tries to answer the basic questions such as what a strong password is and how it can be created, at what level the most of passwords are interconnected and how the cracking up of the password work, especially the dictionary attack. This paper also provides a step by step method of visualizing the password that can certainly be helpful in developing the algorithm and method set for the password visualization and authentication for the current password infrastructure of the “Data Bank”.
Success Criteria
According to an interview to the Saudi Gazette, by the CEO of the Marsh, Saudi Arabia “the ultimate success of a project will depend on their ability to mitigate the risks involved – and not taking these carefully into consideration could have severe reputational and financial implications for all parties involved” (“Success of a project depends on the ability to mitigate the risks”, 2018). The success criteria for this password visualization and authentication project is therefore related to the successful identification of the risks and the target of the project that can only be achieved through the constant studying and monitoring of the project and is all about achieving a strong password authentication and visualization system for the “Data Bank” of the Datamatix. The other key success criteria for this project is to be the cost-effective in nature as is already discussed that passwords are the most cost-efficient and key aspects of the security. The project will reduce the time and cost related to the security measures to half. The increased trust of the clients on Datamatix will also be used to measure the success of this project.
The project will be considered to be successful if it met the following requirements:
- Developed a strong password visualization system for the authentication system of the “Data Bank”.
- Will reduced the cost and time spent by Datamatix on the security measures taken by them.
- Help organization in establishing their privacy policy and in achieving the “Datamatix 2020” strategy.
- Develop a guideline and motivate the users to use complex and strong passwords.
Project Signoff
The project will be started by the approval of the related parties such as the project management team, project sponsor and the stakeholder (Datamatix). This project signoff will empower the project manager to carry on the project on the outlines discussed and described in this project plan report and on the basis of the minutes of the meetings held during and before the project.
| Signatures and Comments | ||
| Name | Signature | Date |
| Comments by Project Sponsor: | ||
| Comments by Project Manager: | ||
| Comments by Stakeholder: |
Discussion
Passwords are long been allied with the safety and the security. They are widely used throughout history to distinguish the righteous one from the spy, to provide secure access to the secrets. Passwords are secrets codes that have become a more vital part of our daily life after the rise of the computers. Despite the fact that they have several uses, there is greater weakness associated with them. Unlike the physical keys, they can be used by multiple persons at the same time, if they are at a long distance from each other. The key reason behind this is as a human we are weak at creating a strong enough password since we are certainly bad at remembering things as the computers do (Burnett & Kleiman, 2006). The need for strong and complex passwords that are hard to be cracked but at the same time are easy to be remembered by the ones who have set them up is more and more required.
This project is, therefore, design to handle this major problem associated with the password authentication. Datamatix is the leading knowledge providing company of the middle eastern region with an astonishing experience of three decades. The services they provide are therefore needed to be up to date and standardized so that the trust of their clients remain intact. The “Data Bank” is one of the hundreds of the services they offered. As the name suggest the “Data Bank” offers a secure online place for gathering, storing accessing and analyzing corporate data and information. The online placement of data can only be safe if the key to access them is enough. The password visualization and authentication for developing strong and complex passwords for the “Data Bank” are therefore mandatory and are the problem that this project will be seeking the solution for.
The major challenge that has been so far identified is the selection of the best possible and easy technique of password visualization that can be used during the password authentication process and is acceptable by both parties, i.e. Datamatix and its clients. The other challenge is to maintain the security of the related data and information as the project will give access to a lot of different crucial and secure areas of the security infrastructure of the “Data Bank”. The maintaining of the privacy of that accessed information will be another major challenge the project team will be going to face during this project. Since “passwords are the cornerstone of knowledge-based authentication” (Seitz, 2018) therefore the detailed studied of human behavior and a great deal of the information regarding the current trends in passwords are required for the team members. Team members are also needed to study different hacking trends and methods as true security can be achieved by viewing both sides of the coin.
The risk related to this project is of different types. The very first risk that is of high consideration is the legality of the password cracking or attempt to crack the password. Despite being authorized by the organization to work on the passwords, it is necessary to have understood the legal complications associated with it. Written permission is therefore highly recommended before doing any password related job (Cole, 2002). The other major risk that can pop up during the project is the secrecy of the project. The loophole in the security infrastructure if leaked out then it may result in uncontrolled havoc and may end up in the defaming of the organization. The secrecy of the project is both legally and ethically needed. In order to cope with this risk-controlled access to the system will be acquired and the team members will be selected only if they will be trusted.
References
Burnett, M., & Kleiman, D. (2006). Perfect passwords. Rockland, MA: Syngress.
Cole, E. (2002). Hackers beware. Indianapolis, Ind.: New Riders.
DataBank. (2019). Retrieved from http://datamatixgroup.com/Services/DataBank.aspx
Datamatix – The Power of Trust. (2019). Retrieved from http://datamatixgroup.com/Profile.aspx
Gruschka, N., & Lacono, L. (2010). Password Visualization beyond Password Masking. In International Network Conference. Heidelberg: Semantic Scholar. Retrieved from https://pdfs.semanticscholar.org/c74f/4795e6b434dd9c32595470a2b3d641704699.pdf
Seitz, T. (2018). Supporting Users in Password Authentication with Persuasive Design(Masters). Ludwig-Maximilians-Universität München.
Success of a project depends on ability to mitigate the risks. (2018). Retrieved from http://saudigazette.com.sa/article/536230/BUSINESS/Success-of-a-project-dep=
Xiujia, G., Haibo, C., Xuqin, L., Xiangyu, X., & Zhong, C. The Scale-free Network of Passwords : Visualization and Estimation of Empirical Passwords [Ebook]. Beijing: Peking University. Retrieved from https://pdfs.semanticscholar.org/70c2/92183c535c49742730ef13c340cd3eef78ce.pdf
Yu, X., & Liao, Q. (2016). User password repetitive patterns analysis and visualization. Information And Computer Security, 24(1), 93-115.
