Welcome!

News Feed Item

MSU Information Systems Expert Advises On Creating Strong Passwords In Response To 'Heartbleed'

MISSISSIPPI STATE, Miss., April 14, 2014 /PRNewswire-USNewswire/ -- The recently-discovered "Heartbleed" bug affecting as much as two-thirds of the Internet is causing people to hurriedly change passwords and further secure online personal information.

A variety of websites have found bug-related security vulnerabilities which affect sites employing OpenSSL, an open-source encryption technology that typically indicates personal information is safe with a lock icon in the web browser.

Merrill Warkentin of Mississippi State University said Friday [April 11] that choosing strong passwords is among the best proactive steps for minimizing vulnerability to identity theft.

"Never select a word that can be found in a dictionary," the information systems professor advised. Instead, he recommended three objectives for choosing strong passwords: make them hard to guess, hard to figure out and hard to "shoulder surf," meaning not easily observed by someone looking over your shoulder.

"If it's an obscure sequence of characters instead of a regular word, they are not going to be able to figure it out," he said.

Warkentin said users should think in terms of a "pass phrase" rather than a password. Personal phrases that may easily be remembered can become a hard-to-guess password when using the first letter of each word.

As an example, he said a phrase like "I started to work in 2008," could become the password "Is2wi2008." He said it is best to use a combination of upper and lowercase letters and numbers. If you add an odd character or symbol, the password becomes even stronger, he said. A true strong password must contain at least 14 characters, including numbers, upper and lower-case letters, and special characters.

Warkentin teaches students in his information systems classes at MSU to think of phrases personal to themselves, such as lyrics to a favorite song that they will find easy to remember, but others would have difficulty guessing.

Even if they are "strong," some passwords still may be compromised because of security breaches like Heartbleed, Warkentin said. It is online attacks and vulnerability discoveries that illustrate the importance of having unique passwords for the most sensitive information instead of using the same passwords repeatedly across the Internet.

"I would not reuse your bank or brokerage password anywhere else; I would make that a one-of-a-kind," he said, noting that if a hacker gains password information at one site, he may then go to other websites and try the same passwords to gain access to additional accounts.

While the most sensitive information needs the highest standards of security, Warkentin said many other websites which require login information are much less of a security concern because less personal information is at risk. He used as an example that some newspapers require login information before giving access to news articles, but they don't store sensitive personal data.

"It helps if people can think about information in terms of the risk of harm," he said.  

"If someone logs in as you on a website, can they hurt you?" he continued. "If it's your bank or your social media account, the answer is yes. On other sites, there is less at stake if the only power they have is to change your news preferences, for example, without gaining any real personal data."

Warkentin advises using different passwords for different websites, but one good tip is to create a strong base password, like the "Is2wi2008" example, but make it unique to various websites by using add-ons. He said an adaptation to the example could be using "Is2wi2008Amz" for shopping on Amazon.  

"Then they're all about the same, and they're strong, but they're also unique because of those last two or three characters," he said.

Some other tips shared by Warkentin include:

  • If it is necessary to write down passwords, it is critical to store them in a safe secure location. "Don't write it on a sticky note by your monitor," he said.
  • Utilize more than one authentication method for the most sensitive data. "The best security is when you use two-factor authentication; it's much safer because when someone gets your password, they still don't have everything they need to gain access."
  • Request higher levels of security for accounts that many banking systems offer. Higher security usually involves an additional challenge question for accessing information via telephone, so clients can't just verify their basic information like ID number and address.

Because of Heartbleed's potential impact, Warkentin implored users to immediately change passwords at websites holding credit card, health or other personal information not to be shared--and also their social media and email platforms.

For more information about Mississippi State University, see www.msstate.edu.  

Bio and contact info available at: http://www.misprofessor.us/

broadcast studio available

Merrill Warkentin is a Professor of Information Systems and the Richard Adkerson Notable Scholar in the College of Business at Mississippi State University.

For more information, see news release at: http://www.msstate.edu/web/media/detail.php?id=6587

This news release was issued on behalf of Newswise™. For more information, visit http://www.newswise.com.

Contact: Allison Matthews, 662-325-7457, [email protected] 

SOURCE Mississippi State University

More Stories By PR Newswire

Copyright © 2007 PR Newswire. All rights reserved. Republication or redistribution of PRNewswire content is expressly prohibited without the prior written consent of PRNewswire. PRNewswire shall not be liable for any errors or delays in the content, or for any actions taken in reliance thereon.

Latest Stories
"With Digital Experience Monitoring what used to be a simple visit to a web page has exploded into app on phones, data from social media feeds, competitive benchmarking - these are all components that are only available because of some type of digital asset," explained Leo Vasiliou, Director of Web Performance Engineering at Catchpoint Systems, in this SYS-CON.tv interview at DevOps Summit at 20th Cloud Expo, held June 6-8, 2017, at the Javits Center in New York City, NY.
"Outscale was founded in 2010, is based in France, is a strategic partner to Dassault Systémes and has done quite a bit of work with divisions of Dassault," explained Jackie Funk, Digital Marketing exec at Outscale, in this SYS-CON.tv interview at 20th Cloud Expo, held June 6-8, 2017, at the Javits Center in New York City, NY.
"We were founded in 2003 and the way we were founded was about good backup and good disaster recovery for our clients, and for the last 20 years we've been pretty consistent with that," noted Marc Malafronte, Territory Manager at StorageCraft, in this SYS-CON.tv interview at 20th Cloud Expo, held June 6-8, 2017, at the Javits Center in New York City, NY.
Kubernetes is an open source system for automating deployment, scaling, and management of containerized applications. Kubernetes was originally built by Google, leveraging years of experience with managing container workloads, and is now a Cloud Native Compute Foundation (CNCF) project. Kubernetes has been widely adopted by the community, supported on all major public and private cloud providers, and is gaining rapid adoption in enterprises. However, Kubernetes may seem intimidating and complex ...
"DivvyCloud as a company set out to help customers automate solutions to the most common cloud problems," noted Jeremy Snyder, VP of Business Development at DivvyCloud, in this SYS-CON.tv interview at 20th Cloud Expo, held June 6-8, 2017, at the Javits Center in New York City, NY.
While the focus and objectives of IoT initiatives are many and diverse, they all share a few common attributes, and one of those is the network. Commonly, that network includes the Internet, over which there isn't any real control for performance and availability. Or is there? The current state of the art for Big Data analytics, as applied to network telemetry, offers new opportunities for improving and assuring operational integrity. In his session at @ThingsExpo, Jim Frey, Vice President of S...
DX World EXPO, LLC., a Lighthouse Point, Florida-based startup trade show producer and the creator of "DXWorldEXPO® - Digital Transformation Conference & Expo" has announced its executive management team. The team is headed by Levent Selamoglu, who has been named CEO. "Now is the time for a truly global DX event, to bring together the leading minds from the technology world in a conversation about Digital Transformation," he said in making the announcement.
"We focus on SAP workloads because they are among the most powerful but somewhat challenging workloads out there to take into public cloud," explained Swen Conrad, CEO of Ocean9, Inc., in this SYS-CON.tv interview at 20th Cloud Expo, held June 6-8, 2017, at the Javits Center in New York City, NY.
"As we've gone out into the public cloud we've seen that over time we may have lost a few things - we've lost control, we've given up cost to a certain extent, and then security, flexibility," explained Steve Conner, VP of Sales at Cloudistics,in this SYS-CON.tv interview at 20th Cloud Expo, held June 6-8, 2017, at the Javits Center in New York City, NY.
"We provide IoT solutions. We provide the most compatible solutions for many applications. Our solutions are industry agnostic and also protocol agnostic," explained Richard Han, Head of Sales and Marketing and Engineering at Systena America, in this SYS-CON.tv interview at @ThingsExpo, held June 6-8, 2017, at the Javits Center in New York City, NY.
"We are focused on SAP running in the clouds, to make this super easy because we believe in the tremendous value of those powerful worlds - SAP and the cloud," explained Frank Stienhans, CTO of Ocean9, Inc., in this SYS-CON.tv interview at 20th Cloud Expo, held June 6-8, 2017, at the Javits Center in New York City, NY.
"DX encompasses the continuing technology revolution, and is addressing society's most important issues throughout the entire $78 trillion 21st-century global economy," said Roger Strukhoff, Conference Chair. "DX World Expo has organized these issues along 10 tracks with more than 150 of the world's top speakers coming to Istanbul to help change the world."
"Peak 10 is a hybrid infrastructure provider across the nation. We are in the thick of things when it comes to hybrid IT," explained , Chief Technology Officer at Peak 10, in this SYS-CON.tv interview at 20th Cloud Expo, held June 6-8, 2017, at the Javits Center in New York City, NY.
"I think DevOps is now a rambunctious teenager – it’s starting to get a mind of its own, wanting to get its own things but it still needs some adult supervision," explained Thomas Hooker, VP of marketing at CollabNet, in this SYS-CON.tv interview at DevOps Summit at 20th Cloud Expo, held June 6-8, 2017, at the Javits Center in New York City, NY.
"We are still a relatively small software house and we are focusing on certain industries like FinTech, med tech, energy and utilities. We help our customers with their digital transformation," noted Piotr Stawinski, Founder and CEO of EARP Integration, in this SYS-CON.tv interview at 20th Cloud Expo, held June 6-8, 2017, at the Javits Center in New York City, NY.