Our motivation


Through the Sustainable Computing module we’ve learnt the impact of making poor security decisions online. Knowing people personally who are vulnerable to these types of targeted attacks, I proposed an online application that allowed users to get a quick overview of their own security - like a GP’s health check for your digital health.

To decide which areas of security people felt they understood the least, we surveyed a sample of various age groups and used the results to inform our decision. As can be seen in the image, our other project deliverables were a report on the project and a poster of key functionalities.

What technologies

I built the backend as a Node.js application using the Express.js framework, with Passport.js local authentication for users’ accounts. Account details were then stored in a MongoDB database, allowing users to revisit the system.

I chose to use MongoDB for this so we could collect users’ emails when they registered with us; we then used their email to look them up against HaveIBeenPwned’s password breach API.
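A sketch of such a server-side lookup, as an added example that is not the project's own code. It assumes the HaveIBeenPwned v3 `breachedaccount` endpoint with an API key; the function names, the user-agent string and the stubbed response are hypothetical.

```javascript
// Added example: HIBP v3 breached-account lookup for a registered email.
const HIBP_BASE = "https://haveibeenpwned.com/api/v3/breachedaccount/";

// Build the request. The address is normalised and URL-encoded so characters
// such as "+" or "/" cannot change the path of the outgoing request.
function buildRequest(email, apiKey) {
  const account = String(email).trim().toLowerCase();
  if (!/^[^\s@]+@[^\s@]+$/.test(account)) throw new Error("invalid email");
  return {
    url: HIBP_BASE + encodeURIComponent(account) + "?truncateResponse=true",
    // user-agent value is a hypothetical app name; HIBP requires one to be set.
    headers: { "hibp-api-key": apiKey, "user-agent": "security-health-check-example" },
  };
}

// Map the HTTP response to something the UI can render.
function interpretResponse(status, retryAfter, body) {
  if (status === 404) return { breached: false, breaches: [] }; // no known breach
  if (status === 429) return { retryAfterSeconds: Number(retryAfter) || 2 }; // rate limited
  if (status !== 200) throw new Error("HIBP lookup failed: HTTP " + status);
  return { breached: true, breaches: body.map((b) => b.Name) };
}

// fetchImpl is injectable so the lookup can be exercised offline.
async function checkEmail(email, apiKey, fetchImpl = globalThis.fetch) {
  const { url, headers } = buildRequest(email, apiKey);
  const res = await fetchImpl(url, { headers });
  const body = res.status === 200 ? await res.json() : null;
  return interpretResponse(res.status, res.headers.get("retry-after"), body);
}

// Constructed stub standing in for the network: one breached account, else 404.
const stubFetch = async (url) => ({
  status: url.includes("alice%40example.com") ? 200 : 404,
  headers: { get: () => null },
  json: async () => [{ Name: "ExampleBreach" }],
});

checkEmail("Alice@Example.com", "PLACEHOLDER_KEY", stubFetch).then(console.log);
```

Keeping the API key on the server and returning only breach names to the browser means the key never reaches the client.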

Kurtis worked on the frontend of the project, using Bootstrap and Animate.JS to create a friendly and easy-to-understand UX for our target audience - people who were unsure of technology in the first place.

We user acceptance tested the whole project to ensure it was easy enough to understand and intuitive to use, refining stages and editing the application until we were happy that we’d produced an end product that users felt benefited them.

An example of this can be seen in the image to the right: starting with some simple navigation buttons, we moved to a headed tab design with named stages and an animated progress bar, to make the user feel closer to completion as well.


The project walks users through various stages of checking their security (see flow chart): first using the HaveIBeenPwned API as mentioned, next using HSIMP as local JavaScript to give users password tips on their own security (without sending the password to us), and then informing users how to check what companies hold on them, with an overview of GDPR and links to download their own data.

Before completing, we give the user a certificate to show they’ve undertaken the training. Because of the modularity, it’s also very easy to add extra stages in future (for example, telling people which practices they should put in place for the next big vulnerability found).

Kurtis and I also worked collaboratively on this project in a private GitHub repository, which was a useful experience as it improved my ability to merge conflicts and to ensure that we weren’t working on the same areas of the same program at once, meaning that by the end we had very few issues with conflicted files.

The project was successful in creating a deliverable that was intuitive, simplistic and portable (as it’s in the browser). I’m very pleased with our end product.