Systems Security Project by Durgashini https://padlet.com/durgashini7/njzeka3d4xakbb2a Group Members: Keng Tiong (191404X), Durgashini (192159E), Narmatha (193081T) en-us 2020-04-21 02:29:32 UTC 2024-10-15 10:04:46 UTC hello@padlet.com https://padlet.net/icons/png/1f913.png FaceBook(Keng Tiong) ahtiongtkt37 https://padlet.com/durgashini7/njzeka3d4xakbb2a/wish/541188901 -pros
-Don’t allow user to forget or change his/her password for more then 5 times in a day
-When account is created, a code will be sent to the user’s email account to verify whether the created is the legit owner of the email account set
-Prompt user when email user to inform password have been set and device and IP address used.
-con
-Allow user to set the same password over and over again, which will result in account being bruteforce by hackers.
-no 2FA
-Password requirement of at least 6 characters long and suggestion to user to create a strong password by having a combination of letters, digits and punctuation marks. This allow user's password to be not easily bruteforce by hackers

]]> 2020-04-30 08:01:09 UTC https://padlet.com/durgashini7/njzeka3d4xakbb2a/wish/541188901 Investing.com(Keng Tiong) ahtiongtkt37 https://padlet.com/durgashini7/njzeka3d4xakbb2a/wish/541193920 -Investing .com
-cons- allow user to set a password that is used before when resetting the account                      password hence will allow hackers to bruteforce to the account
          -  No 2FA
-Pros 
– Verify user is legit by having a image verification “ I’m not the robot prompt”
 - Verify user own the email account entered to create an account by issuing a code to be sent in the email account when creating the account.
  -reset password link is sent to the email account
-Password requirement of  using 4-15 characters with minimum of 2 letters and digit in order to create a more secure password and not being bruteforce easily by hackers.
]]> 2020-04-30 08:03:17 UTC https://padlet.com/durgashini7/njzeka3d4xakbb2a/wish/541193920 Gmail (Keng Tiong ahtiongtkt37 https://padlet.com/durgashini7/njzeka3d4xakbb2a/wish/541195654 Gmail password recovery
-Don’t allow the user to choose password that have been used before
-Verify user with sms or email codes sent
-Prompt message is sent to owner when password is successfully sent
-2FA log in options are available for user who wanted their account to be much more secure
-Allow user to enter their phone number to their gmail account, code will be sent to their mobile number via sms 
-Password requirement of use 8 or more characters with a mix of letters, numbers & symbols in order to create a more secure password and not being bruteforce easily by hackers.
]]> 2020-04-30 08:04:05 UTC https://padlet.com/durgashini7/njzeka3d4xakbb2a/wish/541195654 Carousell.com (Durgashini) durgashini7 https://padlet.com/durgashini7/njzeka3d4xakbb2a/wish/544213425 Carousell.com
Advantages:
  • User is asked to type their mobile number and an account registration confirmation prompt notice sms is sent immediately
  • Already used usernames are not allowed
  • Already used mobile numbers are not allowed
  • Invalid email addresses are not allowed
  • User has to use the verification code sent in that sms to proceed
  • No common passwords (1234, abcd, birth date) are allowed
  • User is asked to click the ‘I’m not a robot’ checkbox
  • User is asked to do an image verification 
  • When user clicks ‘forgot password’, an email / sms is sent to the user for him to use the verification code, in order to get access to the resetting of the password
  • User is not allowed to use passwords that were previously used, so it is more secure
  • Once password is successfully reset, a prompt email / sms is sent immediately

 
Disadvantages:
  • No 2-step verification
  • No 2FA options, so it is less secure
  • No strict password requirement (eg. alphanumeric, mix of symbols, mix of lower and uppercase, minimum no. of characters)
]]> 2020-05-01 14:59:55 UTC https://padlet.com/durgashini7/njzeka3d4xakbb2a/wish/544213425 Amazon.com (Durgashini) durgashini7 https://padlet.com/durgashini7/njzeka3d4xakbb2a/wish/544219045 Amazon.com
Advantages:
  • User is asked to type their email address and an account registration confirmation prompt notice email is sent immediately
  • User has to click on the link sent in that email to proceed
  • Strict password requirement (eg. alphanumeric, mix of symbols, mix of lower and uppercase, minimum length)
  • Already used usernames are not allowed
  • Already used mobile numbers are not allowed
  • Invalid email addresses are not allowed
  • No common passwords (1234, abcd, birth date) are allowed
  • User is asked to click the ‘I’m not a robot’ checkbox
  • User is asked to do a 2-step verification procedure: an audio verification and jumbled up characters verification
  • When user clicks ‘forgot password’, an email / sms is sent to the user for him to use the verification code, in order to get access to the resetting of the password
  • User is not allowed to use passwords that were previously used, so it is more secure
  • Once password is successfully reset, a prompt email / sms is sent immediately
  • That prompt email  / sms has an option ‘No, it wasn’t me who reset the password’, so that users can take action if their account was hacked

 
Disadvantages:
  • No 2FA options, so it is less secure 
]]> 2020-05-01 15:02:10 UTC https://padlet.com/durgashini7/njzeka3d4xakbb2a/wish/544219045 Shoppee.com (Durgashini) durgashini7 https://padlet.com/durgashini7/njzeka3d4xakbb2a/wish/544221112 Shoppee.com
Advantages:
  • User is asked to click the ‘I’m not a robot’ checkbox
  • Already used usernames are not allowed
  • Invalid email addresses are not allowed
  • When user clicks ‘forgot password’, an email / sms is sent to the user for him to use the verification code, in order to get access to the resetting of the password
  • Once password is reset, a prompt email / sms is sent immediately

 
Disadvantages:
  • No password requirement 
  • No image / audio / jumbled up characters verification
  • Already used mobile numbers are allowed, so people can create multiple fake accounts using one mobile number
  • Common passwords (1234, abcd, birth date) are allowed, so hackers can easily guess their passwords by doing a brute-force attack to hack into victims' accounts
  • No 'confirm password' option
  • User is allowed to use passwords that were previously used, so hackers can easily guess their victims’ passwords
  • Once password is successfully reset, a prompt email / sms is NOT sent
  • No 2FA options, so it is less secure 
  • No 2-step verification
]]> 2020-05-01 15:03:06 UTC https://padlet.com/durgashini7/njzeka3d4xakbb2a/wish/544221112 SingPass (Narmatha) 15narmatha2002 https://padlet.com/durgashini7/njzeka3d4xakbb2a/wish/545491978 SingPass Login
More Secure
Advantages:
- User can set up 2FA
- User can rest their password any time.
- Users can download the app in their mobile phone, they can register the mobile app; they can either set thumbprint to login or a 6-digit pin.
- Users can scan the code shown on their laptops, using their phone app. This makes it more user friendly easier to excess.
- Password cannot be the same as User ID
- Password to be between 8 – 24 alphanumeric characters, preferably containing upper case letters and symbols, with at least 1 letter and 1 number.
- Common passwords are disallowed, e.g., “password123”, “pwd12345”.
- Users new password cannot be the same as any of your previous five passwords.

Disadvantages
- Confidential information of users are stored.

- Elder users might not be able to use high tec features like scan QR code


]]> 2020-05-02 12:42:11 UTC https://padlet.com/durgashini7/njzeka3d4xakbb2a/wish/545491978 FastJob(Narmatha) 15narmatha2002 https://padlet.com/durgashini7/njzeka3d4xakbb2a/wish/546594507 FastJobs.sg

Disadvantages:
-When the user first enters their new password there is no confirm password option.
- Though they require phone number while signing up, the only way to retrieve back user's acc is the email they provided while signing up.
- If the user has no access to that email or forgot the password of that email the user will not be able to rest the password if they forget for FastJobs

Advantages:
- When the users first sign up, they are sent an email to verify their email.
- Users can rest their password via email
- When forget password is clicked, user is redirected to this page which has I'm not a robot verification.
- Another email sent to the user to rest password.]]> 2020-05-03 10:33:09 UTC https://padlet.com/durgashini7/njzeka3d4xakbb2a/wish/546594507 Spotify(Narmatha) 15narmatha2002 https://padlet.com/durgashini7/njzeka3d4xakbb2a/wish/546736635 Spotify.com

Disadvantages:
- There isn't a confirm password option.
- A default username is given; cant be changed on laptop.

Advantages:
- User can sign up either via email or Facebook.
- Doesn't allow an used password
- It uses I'm not a robot for verification
- Sends an email to verify account
- Reset can be done via email.
-  I'm not a robot verification is set for both signing up and while resetting. ]]> 2020-05-03 12:27:14 UTC https://padlet.com/durgashini7/njzeka3d4xakbb2a/wish/546736635 15narmatha2002 https://padlet.com/durgashini7/njzeka3d4xakbb2a/wish/553682614 2020-05-06 03:28:03 UTC https://padlet.com/durgashini7/njzeka3d4xakbb2a/wish/553682614 15narmatha2002 https://padlet.com/durgashini7/njzeka3d4xakbb2a/wish/553682631 2020-05-06 03:28:05 UTC https://padlet.com/durgashini7/njzeka3d4xakbb2a/wish/553682631