- Adding links to a profile exposes different PII.
- Example: Something like LinkedIn makes it easy for others to see your achievements and accomplishments. However, if you add links, people will most likely look at your other social media while "snooping" in your profile.
PII Considerations
- Things that are common for PII:
- Name
- Email
- Picture
- High School / College
- Real Estate
- State/City of Residence
- Things that you should be more cautious about when putting it as part of your PII (Gray zone):
- Birth date
- POB
- Address
- Phone #
- Maiden or Surnames
- Things that should be entirely confidential and not given to anyone under any circumstances:
- Credentials for Access
- TFA
- SSN
- Tax Records
Blog Post Reflection:
- Describe PII you have seen on projects in CompSci Principles.
- A lot of PII that I see in CompSci Principles are:
- Students' names
- Emails
- Phone # (For most projects)
- Sometimes a picture for something like "Meet the devs"
- What are your feelings about PII and your personal exposure?
- Personally, I'm not okay with PII and personal exposure. Whenever using the internet, I try to be as discreet as I can be. I'm okay with my first name being known on the internet, as millions of other people have the same name. PII is great for people that need to identify you and can help them dig up some of your greatest accomplishments and achievements.
- Describe good and bad passwords. What is another step that is used to assist in authentication?
- Bad passwords generally consist of very common patterns and are often used for multiple different websites. For example, if someone's password is 12345 or something like password123, there is really no variability in it, and that makes it a lot easier to guess. Additionally, if the person trying to compromise your account has some of your PII, even something like "name"_07 might be pretty easy to guess (and if you use the same password for multiple accounts, several of your personal accounts can become compromised). A good password should consist of:
- Lots of variability in keystrokes
- 2FA
- Little to no correlation to any of your PII
- Symbols
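As an added example (not part of the original post), the bad-password traits described above can be checked automatically in Python. The common-password list, the sample PII values and the function names are constructed for illustration.

```python
import re

# Constructed sample of widely used passwords (not a real breach list).
COMMON = {"12345", "123456", "password", "password123", "qwerty", "letmein"}

# Undo simple character substitutions so "R1v3ra" is still seen as "rivera".
LEET = str.maketrans("013457@$!", "oieastasi")


def pii_tokens(pii):
    """Split PII values (name, email, birth date...) into tokens of 4+ characters."""
    tokens = set()
    for value in pii.values():
        for tok in re.split(r"[^a-z0-9]+", value.lower()):
            if len(tok) >= 4:
                tokens.add(tok)
    return tokens


def check_password(password, pii, used_elsewhere=()):
    """Return a list of problems; an empty list means none of the checks fired."""
    problems = []
    lowered = password.lower()
    normalized = lowered.translate(LEET)

    if lowered in COMMON or normalized in COMMON:
        problems.append("common password")

    # Variability: require at least 3 of lowercase, uppercase, digits, symbols.
    classes = [r"[a-z]", r"[A-Z]", r"[0-9]", r"[^A-Za-z0-9]"]
    if sum(bool(re.search(c, password)) for c in classes) < 3:
        problems.append("little variability in characters")

    # Correlation with PII, checked both as typed and with substitutions undone.
    for tok in sorted(pii_tokens(pii)):
        if tok in lowered or tok in normalized:
            problems.append(f"contains PII: {tok}")

    if password in used_elsewhere:
        problems.append("reused on another account")
    return problems


if __name__ == "__main__":
    # Constructed sample profile.
    sample = {"name": "Alex Rivera", "email": "alex.rivera@example.com",
              "birth_date": "2007-03-14"}
    for candidate in ["password123", "alex_07", "R1v3ra!Qz#88", "gT7#vLq9!xWm2$"]:
        print(candidate, "->", check_password(candidate, sample) or "no problems found")
```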
- Try to describe Symmetric and Asymmetric encryption.
- Symmetric encryption is where there is only one key that allows you access to something.
- Asymmetric encryption is where there is a private key and a public key, so different keys are used to encrypt and decrypt a message for safety purposes.
- Provide an example of encryption we used in AWS deployment.
- We use Symmetric encryption (nighthawkcodingsociety) for everyone to gain access to the company itself because all of us have the key and it does not change.
- Describe a phishing scheme you have learned about the hard way. Describe some other phishing techniques.
- A long time ago, when I played a game called ROBLOX, I had some valuable currency that I had saved for some time ($7000). This platform is home to many people who like to phish others out of passwords or find other ways to get into accounts. ROBLOX uses a cookie system to store access tokens, so this person convinced me with some incentive to place some JavaScript in my browser, which grabbed the token, giving him full access to my account.
Other phishing techniques could be:
- Catphishing: Pretending to be someone else to gain information or simply troll others
- Ex: Pretending to be a famous YouTuber that will give you a bajillion dollars if you give them your SSN
- Scandals
- Twitter scandals