
Imagine you are a developer at a large company which runs an online fantasy role


Question

Imagine you are a developer at a large company which runs an online fantasy roleplaying game. You have a large number of players, each of whom runs one or more player characters (PCs) in the game world. The individual PCs are directly created by their players, and have a variety of attributes associated with them such as name, clan membership, race (elf, dwarf, halfling, etc.), and so forth. These attributes are directly visible to the player, and often integral to their PC's identity.

Your players pay a small monthly fee for the game. However, not everyone pays with a credit card and you know there are at least some minors who are old enough to play but not to have a valid means of payment of their own. Presumably these players' parents/friends/older siblings are paying for them.

Recently, a large number of accounts have been falling to hackers who appear to be working from a list of credentials they acquired somewhere else. The attackers have been attempting to access accounts that never existed, in addition to ones they have successfully breached, so it's clear they didn't get the credentials from your company. (Think attackers breaching Yahoo and then trying to log into your accounts with those credentials.)

You need to stop, or at least slow down, the attackers. Your company doesn't use 2-factor authentication (yet), so it won't save you this time. Getting 2FA turned on is a priority for after the current attacks are dealt with, however. You also don't send many emails that require your users to respond, so it's entirely possible the email accounts you have on file are stale.

1. (4 points) Propose a way to authenticate users so they can do a password reset without requiring much extra work for regular players. It's ok to make players who do not connect often do more work, but someone who plays every day should have an easy time of it.
2. (3 points) How do you know the attackers won't have the authentication data you're requesting?
3. (3 points) What might prevent the user from providing the authentication information you're request

Explanation / Answer

1. Proper authentication can be provided by using proper methods: the game company should use a secured database system in which all email addresses are saved along with the mobile numbers which players provide at the time of signing up for the game. When a player provides an email address and mobile number on the sign-up form, it should ask for verification and send a one-time password to their email ID and mobile number separately; once those are entered during sign-up, the email IDs and numbers should be saved to the game company's database,

so that whenever someone tries to connect or forgets any login detail like a password, they can easily recover it using their registered email ID and contact number.

2. Because it will be a peer-to-peer connection with run-time generated information using a secured key and secure algorithms, attackers can't attack it until they get access to both the email and the mobile number, because we will be doing double security and every time different one-time passwords will be sent to both the mobile number and the email ID as well.

Hence it is very, very rare and hard for some hacker to get access to both at the same time.

3. The user should read the game guide manual, which will be provided at the time of sign-up and in which everything and every guideline will be mentioned. There will be a single authorized email ID through which the game company will communicate with players, and the player should check its domain and then reply to that. Moreover, as I mentioned, the company will communicate on both things, mobile as well as mail, so a fake one will only be able to send a message on a single medium, because both things will be stored under different databases of the game company.

Hence it is very hard to hack both (if we assume hacking of the company's database system).

So emails from a different domain name and communication on a single medium will prevent users from providing authentication information requested by a false person (in the name of the company).

Hope you like the answer.
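The two-channel one-time-password check that the answer above describes, sketched in Python as an added example (it is not part of the original answer or of any real game's code). The class name `ResetRequest`, the 10-minute lifetime, the 6-digit code length and the 5-attempt limit are assumptions, and actually sending the codes by email and SMS is left to the caller.

```python
import hashlib
import hmac
import secrets
import time

CODE_TTL = 600      # seconds a code stays valid (assumed value)
MAX_ATTEMPTS = 5    # wrong guesses allowed per reset request (assumed value)


def _digest(salt: bytes, code: str) -> bytes:
    return hashlib.sha256(salt + code.encode()).digest()


class ResetRequest:
    """One pending password reset that needs a code from each channel."""

    def __init__(self, now=None):
        self.salt = secrets.token_bytes(16)
        self.expires = (time.time() if now is None else now) + CODE_TTL
        self.attempts = 0
        self.used = False
        # Independent 6-digit codes, one per channel; only digests are kept.
        self.codes = {ch: f"{secrets.randbelow(10**6):06d}" for ch in ("email", "sms")}
        self.digests = {ch: _digest(self.salt, c) for ch, c in self.codes.items()}

    def take_codes(self):
        """Hand the plaintext codes to the (hypothetical) senders exactly once."""
        codes, self.codes = self.codes, None
        return codes

    def verify(self, email_code: str, sms_code: str, now=None) -> bool:
        now = time.time() if now is None else now
        # Refuse reused, expired or over-guessed requests before comparing.
        if self.used or now > self.expires or self.attempts >= MAX_ATTEMPTS:
            return False
        self.attempts += 1
        # Check both codes in constant time, without short-circuiting,
        # so a response never reveals which channel's code was wrong.
        ok_email = hmac.compare_digest(_digest(self.salt, email_code), self.digests["email"])
        ok_sms = hmac.compare_digest(_digest(self.salt, sms_code), self.digests["sms"])
        if ok_email and ok_sms:
            self.used = True   # single use: a replayed pair is rejected
            return True
        return False
```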
