A major concern within the field of cyber security is that the human element of any digital system is consistently the weakest part of it. This, coupled with new technologies being adopted faster than they can be secured, leaves regular internet users ill-equipped to face new and emerging cyber threats. Our group sought to address this problem by taking a human-centred approach: by training internet users to have greater awareness of the risks that exist in the digital world, and of anything they do that puts them at risk, we can strengthen digital security by addressing a common weakness. To do this, we came up with the idea for our security training tool: Remembrall.

Remembrall's concept is simple: watch what an internet user is doing and give them reminders and recommendations on how to stay safe online when they do something that compromises their digital security. However, while the concept is simple enough, the scope of this tool is potentially endless, as new cyber threats are being discovered all the time. For this Hackathon, we decided to narrow down the scope of the tool to a single use case: checking a web page's security headers. This let us put together a proof of concept that accurately shows off the ethos of our concept.

This version of Remembrall takes the form of a lightweight security extension that checks a site against a trusted domain list and, when the site is not trusted or recognised, shows an analysis report of its HTTP security headers. This report gives the user an overall score to help them make an informed decision as to whether or not they want to continue onto the site in question. If they choose to continue, they are given the option to add the site to their own trusted domain list, meaning they can visit it in the future with no response from Remembrall. If they instead add the site to the not-trusted list, they are shown a pop-up informing them that the site they are on is putting them at risk and that they are advised to leave as soon as possible.
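The flow described above, sketched as an added example that is not Remembrall's own code: the header names are standard, while the weights, the value checks, the function names and the sample lists are assumptions made for illustration.

```javascript
// Header names are real; weights and value checks are assumptions for illustration.
const HEADER_WEIGHTS = {
  "strict-transport-security": 25,
  "content-security-policy": 25,
  "x-frame-options": 15,
  "x-content-type-options": 15,
  "referrer-policy": 10,
  "permissions-policy": 10,
};

// Return a reason string if a present header is set to an ineffective value.
function weakness(name, value) {
  const v = value.toLowerCase();
  if (name === "strict-transport-security") {
    const m = /max-age=(\d+)/.exec(v);
    if (!m || Number(m[1]) === 0) return "max-age missing or zero";
  }
  if (name === "x-content-type-options" && v !== "nosniff") return "expected nosniff";
  if (name === "x-frame-options" && !["deny", "sameorigin"].includes(v)) return "expected DENY or SAMEORIGIN";
  return null;
}

// Score response headers from 0 to 100 and list what is missing or weak.
function scoreHeaders(headers) {
  const seen = {};
  // HTTP header names are case-insensitive, so compare in lower case.
  for (const [k, v] of Object.entries(headers)) seen[k.toLowerCase()] = String(v).trim();
  let score = 0;
  const findings = [];
  for (const [name, weight] of Object.entries(HEADER_WEIGHTS)) {
    if (!seen[name]) { findings.push(`${name}: missing`); continue; }
    const why = weakness(name, seen[name]);
    if (why) { findings.push(`${name}: ${why}`); continue; }
    score += weight;
  }
  return { score, findings };
}

// Decision flow: trusted -> silent, not trusted -> warning, unknown -> report.
function evaluateVisit(url, headers, lists) {
  const host = new URL(url).hostname;
  if (lists.trusted.has(host)) return { action: "allow", host };
  if (lists.untrusted.has(host)) return { action: "warn", host };
  return { action: "report", host, ...scoreHeaders(headers) };
}

// Constructed sample data (not from a real site).
const SAMPLE_LISTS = { trusted: new Set(["intranet.example"]), untrusted: new Set(["risky.example"]) };
const SAMPLE_HEADERS = { "Strict-Transport-Security": "max-age=0", "X-Frame-Options": "SAMEORIGIN", "X-Content-Type-Options": "nosniff" };
console.log(evaluateVisit("https://shop.example/cart", SAMPLE_HEADERS, SAMPLE_LISTS));
```

A header that is present but ineffective (here `max-age=0`, which switches HSTS off) earns no points, so the score reflects protection rather than mere presence.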

This project taught us how to create our own Chrome extensions using the Manifest V3 standard, as well as the importance of HTTP security headers in preventing various forms of cyber attack, and the consequences of not having them correctly configured. We also learned a lot about the balance between secure and usable design, and how this trade-off can be used to build compelling systems.
