The Human Factors in Web Security (Essay Sample)

Name:
Instructor’s Name:
Course ID:
Date:
The Human Factors in Web Security and Overall Impact on Secured Web-Based Communication
When discussing security of the websites, most people believe that the security status improves with the complexity of the user passwords. While this might work to ensure that unauthorized users have a difficult time trying to gain access, the reality is that writing complex passwords sometimes leaves the website susceptible. Hence, in designing the security of the websites, it is better to ensure that one focuses on how people actually behave. This is however, interfered with when a conflict arises between the advocates of system usability and the security personnel. The two teams have opposing goals that create a monumental conflict with regard to security issue. For instance, the usability advocates work to ensure that they make it easier for users to access the system on demand. On the other hand, the security people aim at ensuring that they make it hard for users, especially the unauthorized users, to access the system. A final decision on this conflict is resolved when designers and users recognize that the actual goal of security is to reduce the relative extent to which users shall access the system. Hence, a compromise is made between designs for easy usability and secures systems thus the system does not have extremely poor usability and it also discourages unauthorized users. In light of this insight, the author of this paper seeks to explore human factors in web security and the overall impact this has on secured web-based communication. In the paper, they will explore past literature and findings by other researchers on the same factors and then, aim to design a new study in which they explore the human factors in web security from a different perspective in efforts to create more insight to readers on the impact on secured web-based communication.
Without human factors, random passwords, system-selected passwords, and long passwords can be considered as secure as compared to passwords based on names, passwords selected by user, and long short passwords. In addition, the habit of forcing users to make changes to password frequently and requisition for users to have different passwords for different entries should be adequate in efforts to fighting unsecure access. However, human factor is an issue that cannot be ignored in the contemporary society. This is because when the above restrictions have been implemented on a system, the users are forced to write down their passwords in order to be able to retrieve them whenever they seem to forget. Either on yellow stickers pasted on stations, cheat slip in the user's upper drawer, or on a file in the hard disk, the users find it hard to resist the urge to write down the passwords thus exposing their systems further.
Hence, this implies that in designing websites access, designers and security administrators need to consider most of the users who have limited memories. In any case, the only people who are known to be able to remember many extended strings of arbitrary elements are artists performing in circus. The rest of the users require simple passwords that they can easily remember and thus be able to keep a secret. Moreover, the users need passwords they can choose for themselves and they do not have to change them regularly. However, these passwords are easy to crack and most of the security breaks will emerge from intruders aiming at exposing the weakness of humans and not of those individuals who try to break algorithms.
In the near future, the security of systems, whether web-based communication or computer-based information systems shall improve with the introduction and implementation of biological verification techniques. For instance, security shall improve with use of fingerprint recognition techniques, and retina scanning mechanisms. However, these techniques shall have a number of challenges that include them not being able to work for some users and it will be a while before the technique is implemented in most parts of the world. What security administrators in the modern society need to do is to ensure that they eliminate awkward procedures for log in to different websites and web pages, and instead study mechanisms of sending cookies to users whose systems have low security needs. For instance, in cases whereby the user needs only to access given information, they can have cookies installed on their systems and thus eliminates the need for them to create user identifications and passwords before they can be able to access the system. The same can be applied on web-based communication and e-commerce sites. Users do not have to create user identities to shop, in the process, with ease access to the system; the web-owners also ensure that they do not lose sales if users are too lazy to think of unique identifications and passwords.
Even after eliminating the registration procedure for users when they are accessing a website for the first time, websites need to have followers and members. This creates a typical usability issue particularly if this site requires the users to enter their email address as the user name or the user identification. This is because most users are lead to think that the password required is the same password they use to access their mails. If they use this password, it creates a security problem as most can end up being shut out before completing process since they cannot trace the password or remember it. In such cases, in order to ensure that users are not discouraged or do not feel uneasy when registration on a website with their email address as the user name, the designer of website can ensure that they make certain recommendations upfront. For example, since email address offer uniqueness desired for each new user, the visitors to a website can be advised to choose a new and different passwords while logging in to the system. The system should not have to create a password for the users and sent it to them via email as this runs the risk of users getting stuck and giving up the process of registration before completion.
For usability purposes, the password can be made simple to create without designers implementing harsh rules for the format. This can be applied mainly for websites on which users are only allowed to read newspapers on daily basis. If it is a website on which users have to trade millions of money via the internet, the password format need to be more secure and a bit strict. Care should be taken to ensure that the rules are not too strict as the outcome is users end up forgetting their identity and name on next visits and thus they are forced to create a new account. In the end, the same user will have more than three accounts on the same website which are unnecessary. In order to ensure that users are less confused and they have an easy time creating accounts, the rules and instructions can be placed right next to the field label on which they are to type password.
Further, the website designs should be created in such a way that the users are able to only sign in once and not be forced to log in on every given visit. This is according to studies performed in the contemporary society by author that reveal that most users wish for a single log-on procedure and the rest to be automatically reconfigured from within their system. Hence, the website should not have to force users to loop from one webpage to another. This is a technical issue that should be resolved from the design process. In the future, this requirement shall be integrated on personal computers in the near future as they shall be truly personal thus serving as personal agents for the users in the cyberspace with regard to password and identification.
For sensitive websites and systems, the security administrators need to ensure that the users feel secure and comfortable. This can be achieved with the use of an explicit logout button on which users can click on to exit the website and their accounts. In some websites, the designs trigger time-outs and force users to log in after staying inactive for a couple of hours. This feature could be enhancing security but it is annoying to most users especially if they have just taken a break for a couple of minutes.
LITERATURE REVIEW
Human Factor in System Security
From the previous section, it is clear that human factor is real in website and computer security. However, it has been largely underestimated in the modern society with 85% of firms in the modern times being forced to experience an internal incident regarding their information security and websites. These incidences are sometimes serious as some firms end up losing their sensitive information to unauthorized individuals and others having their systems destroyed. Some surveys done in the recent past by Panko reveal that the most common types of threats to system security from inside a firm involve vulnerabilities and flaws existing in software applications, unintended leaks of data due to errors caused by human beings, and the theft or the loss of mobile and handheld devices (8).
However, according to Aarons most firms in the modern times understand that the information system security is an important feature and it needs to be implemented in the modern times. In fact, information system security preventive measures have been implemented in varying degrees with the purpose of ensuring that the security managers limit the risk of internal security (6). Nevertheless, Albrechtsen argues that most firms acknowledge the various measures of security cannot be adequate thus some of the organizations are increasingly seeking to implement new solutions that might enforce policies while in the process providing defense from substantial loss of information held in the systems (2).
In any case, as Anderson observes that employees hardly comply wi...