- Adding links exposes different PII.
- Example: Something like LinkedIn makes it easy for others to see you and your achievements and accomplishments. However, if you add links, people will most likely look at your other social media while "snooping" in your profile.
PII Considerations
- Things that are common for PII:
- Name
- Email
- Picture
- High School / College
- Real Estate
- State/City of Residence
- Things that you should be more cautious about when putting it as part of your PII (Gray zone):
- Birth date
- POB
- Address
- Phone #
- Maiden or Surnames
- Things that should be entirely confidential and not given to anyone under any circumstances:
- Credentials for Access
- TFA
- SSN
- Tax Records
Blog Post Reflection:
- Describe PII you have seen on projects in CompSci Principles.
- A lot of PII that I see in CompSci Principles are:
- Students' names
- Emails
- Phone # (For most projects)
- Sometimes a picture for something like "Meet the devs"
- What are your feelings about PII and your personal exposure?
- Personally, I'm okay with PII and personal exposure. I'm okay with my name, email, and picture being known on the internet. Even so, I have also run an old YouTube channel and a current YouTube channel (I switched topics, one was an older game I played and the new channel is for more general purpose). PII is great for people that need to identify you and can help them dig up some of your greatest accomplishments and achievements.
- Describe good and bad passwords. What is another step that is used to assist in authentication?
- Bad passwords generally consist of very common patterns and are often used for multiple different websites. For example, if someone's password is 12345 or something like password123, there is really no variability in it, and that makes it a lot easier to guess. Additionally, if the person trying to compromise your account has some of your PII, even something like "name"_07 might be pretty easy to guess (and if you use the same password for multiple accounts, several of your personal accounts can become compromised). A good password should consist of:
- Lots of variability in keystrokes
- 2FA
- Little to no correlation to any of your PII
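An added example (not part of the original post) that checks a password for the weaknesses described above: common patterns, low variability, correlation with PII, and reuse across accounts. The sample PII, the common-password list, and the length and character-class thresholds are assumptions made for illustration.

```python
import re

# Constructed sample data for this example (assumptions, not from the post).
COMMON_PASSWORDS = {"12345", "123456", "password", "password123", "qwerty"}
SAMPLE_PII = {
    "name": "Alex Rivera",
    "email": "alex.rivera@example.com",
    "birth_date": "2007-03-14",
}


def pii_tokens(pii):
    """Split PII values into lowercase tokens of 4+ characters."""
    tokens = set()
    for value in pii.values():
        for part in re.split(r"[^a-z0-9]+", value.lower()):
            if len(part) >= 4:
                tokens.add(part)
    return tokens


def check_password(password, pii, other_site_passwords=()):
    """Return the weaknesses found; an empty list means none were found."""
    problems = []
    lowered = password.lower()
    if lowered in COMMON_PASSWORDS:
        problems.append("common password")
    # Variability: require length >= 12 and 3+ character classes (assumed thresholds).
    classes = [r"[a-z]", r"[A-Z]", r"[0-9]", r"[^a-zA-Z0-9]"]
    used = sum(1 for c in classes if re.search(c, password))
    if len(password) < 12 or used < 3:
        problems.append("low variability")
    # Correlation with PII: any PII token appearing inside the password.
    hits = sorted(t for t in pii_tokens(pii) if t in lowered)
    if hits:
        problems.append("contains PII: " + ", ".join(hits))
    # Reuse: the same password already protects another account.
    if password in other_site_passwords:
        problems.append("reused on another account")
    return problems


if __name__ == "__main__":
    for candidate in ["password123", "alex_07", "tR7#vq!Lm2^zWp9"]:
        print(candidate, "->", check_password(candidate, SAMPLE_PII) or "no issues found")
```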
- Try to describe Symmetric and Asymmetric encryption.
- Symmetric encryption is where there is only one key that allows you access to something.
- Asymmetric encryption is where there is a private key and a public key, so different keys are used to encrypt and decrypt a message for safety purposes.
- Provide an example of encryption we used in AWS deployment.
- We use Symmetric encryption (nighthawkcodingsociety) for everyone to gain access to the company itself because all of us have the key and it does not change.
- Describe a phishing scheme you have learned about the hard way. Describe some other phishing techniques.
- A long time ago, when I played an older competitive game known as CS:GO (Counter-Strike: Global Offensive), there was this lottery system where you would spend some money for a chance to get a skin. However, these skins would vary in a number of ways, from the "condition of the skin" to the color waves and such, and could then be traded for real-life money. Thus, a CSGO lottery system was created. I really wanted skins because I wanted to partake in this economy. However, some famous YouTubers actually hosted this website where you would gamble for skins, but in reality it was rigged and you would essentially lose real-life money in the form of gun skins. Luckily for me, I did not have any money to afford this, so I was fortunately left out. However, many people (and I mean thousands to millions) that did partake in this did lose a lot of money, and the scandal was brought to light shortly after.
Other phishing techniques could be:
- Catphishing: Pretending to be someone else to gain information or simply troll others
- Ex: Pretending to be a famous youtuber that will give you a bajillion dollars if you give them your SSN
- Scandals