Welcome!

News Feed Item

MSU Information Systems Expert Advises On Creating Strong Passwords In Response To 'Heartbleed'

MISSISSIPPI STATE, Miss., April 14, 2014 /PRNewswire-USNewswire/ -- The recently-discovered "Heartbleed" bug affecting as much as two-thirds of the Internet is causing people to hurriedly change passwords and further secure online personal information.

A variety of websites have found bug-related security vulnerabilities which affect sites employing OpenSSL, an open-source encryption technology that typically indicates personal information is safe with a lock icon in the web browser.

Merrill Warkentin of Mississippi State University said Friday [April 11] that choosing strong passwords is among the best proactive steps for minimizing vulnerability to identity theft.

"Never select a word that can be found in a dictionary," the information systems professor advised. Instead, he recommended three objectives for choosing strong passwords: make them hard to guess, hard to figure out and hard to "shoulder surf," meaning not easily observed by someone looking over your shoulder.

"If it's an obscure sequence of characters instead of a regular word, they are not going to be able to figure it out," he said.

Warkentin said users should think in terms of a "pass phrase" rather than a password. Personal phrases that may easily be remembered can become a hard-to-guess password when using the first letter of each word.

As an example, he said a phrase like "I started to work in 2008," could become the password "Is2wi2008." He said it is best to use a combination of upper and lowercase letters and numbers. If you add an odd character or symbol, the password becomes even stronger, he said. A true strong password must contain at least 14 characters, including numbers, upper and lower-case letters, and special characters.

Warkentin teaches students in his information systems classes at MSU to think of phrases personal to themselves, such as lyrics to a favorite song that they will find easy to remember, but others would have difficulty guessing.

Even if they are "strong," some passwords still may be compromised because of security breaches like Heartbleed, Warkentin said. It is online attacks and vulnerability discoveries that illustrate the importance of having unique passwords for the most sensitive information instead of using the same passwords repeatedly across the Internet.

"I would not reuse your bank or brokerage password anywhere else; I would make that a one-of-a-kind," he said, noting that if a hacker gains password information at one site, he may then go to other websites and try the same passwords to gain access to additional accounts.

While the most sensitive information needs the highest standards of security, Warkentin said many other websites which require login information are much less of a security concern because less personal information is at risk. He used as an example that some newspapers require login information before giving access to news articles, but they don't store sensitive personal data.

"It helps if people can think about information in terms of the risk of harm," he said.  

"If someone logs in as you on a website, can they hurt you?" he continued. "If it's your bank or your social media account, the answer is yes. On other sites, there is less at stake if the only power they have is to change your news preferences, for example, without gaining any real personal data."

Warkentin advises using different passwords for different websites, but one good tip is to create a strong base password, like the "Is2wi2008" example, but make it unique to various websites by using add-ons. He said an adaptation to the example could be using "Is2wi2008Amz" for shopping on Amazon.  

"Then they're all about the same, and they're strong, but they're also unique because of those last two or three characters," he said.

Some other tips shared by Warkentin include:

  • If it is necessary to write down passwords, it is critical to store them in a safe secure location. "Don't write it on a sticky note by your monitor," he said.
  • Utilize more than one authentication method for the most sensitive data. "The best security is when you use two-factor authentication; it's much safer because when someone gets your password, they still don't have everything they need to gain access."
  • Request higher levels of security for accounts that many banking systems offer. Higher security usually involves an additional challenge question for accessing information via telephone, so clients can't just verify their basic information like ID number and address.

Because of Heartbleed's potential impact, Warkentin implored users to immediately change passwords at websites holding credit card, health or other personal information not to be shared--and also their social media and email platforms.

For more information about Mississippi State University, see www.msstate.edu.  

Bio and contact info available at: http://www.misprofessor.us/

broadcast studio available

Merrill Warkentin is a Professor of Information Systems and the Richard Adkerson Notable Scholar in the College of Business at Mississippi State University.

For more information, see news release at: http://www.msstate.edu/web/media/detail.php?id=6587

This news release was issued on behalf of Newswise™. For more information, visit http://www.newswise.com.

Contact: Allison Matthews, 662-325-7457, [email protected] 

SOURCE Mississippi State University

More Stories By PR Newswire

Copyright © 2007 PR Newswire. All rights reserved. Republication or redistribution of PRNewswire content is expressly prohibited without the prior written consent of PRNewswire. PRNewswire shall not be liable for any errors or delays in the content, or for any actions taken in reliance thereon.

Latest Stories
Information technology is an industry that has always experienced change, and the dramatic change sweeping across the industry today could not be truthfully described as the first time we've seen such widespread change impacting customer investments. However, the rate of the change, and the potential outcomes from today's digital transformation has the distinct potential to separate the industry into two camps: Organizations that see the change coming, embrace it, and successful leverage it; and...
SYS-CON Events announced today that Sheng Liang to Keynote at SYS-CON's 19th Cloud Expo, which will take place on November 1-3, 2016 at the Santa Clara Convention Center in Santa Clara, California.
In his keynote at 18th Cloud Expo, Andrew Keys, Co-Founder of ConsenSys Enterprise, provided an overview of the evolution of the Internet and the Database and the future of their combination – the Blockchain. Andrew Keys is Co-Founder of ConsenSys Enterprise. He comes to ConsenSys Enterprise with capital markets, technology and entrepreneurial experience. Previously, he worked for UBS investment bank in equities analysis. Later, he was responsible for the creation and distribution of life sett...
Video experiences should be unique and exciting! But that doesn’t mean you need to patch all the pieces yourself. Users demand rich and engaging experiences and new ways to connect with you. But creating robust video applications at scale can be complicated, time-consuming and expensive. In his session at @ThingsExpo, Zohar Babin, Vice President of Platform, Ecosystem and Community at Kaltura, will discuss how VPaaS enables you to move fast, creating scalable video experiences that reach your ...
One of biggest questions about Big Data is “How do we harness all that information for business use quickly and effectively?” Geographic Information Systems (GIS) or spatial technology is about more than making maps, but adding critical context and meaning to data of all types, coming from all different channels – even sensors. In his session at @ThingsExpo, William (Bill) Meehan, director of utility solutions for Esri, will take a closer look at the current state of spatial technology and ar...
The vision of a connected smart home is becoming reality with the application of integrated wireless technologies in devices and appliances. The use of standardized and TCP/IP networked wireless technologies in line-powered and battery operated sensors and controls has led to the adoption of radios in the 2.4GHz band, including Wi-Fi, BT/BLE and 802.15.4 applied ZigBee and Thread. This is driving the need for robust wireless coexistence for multiple radios to ensure throughput performance and th...
SYS-CON Events announced today that SoftLayer, an IBM Company, has been named “Gold Sponsor” of SYS-CON's 18th Cloud Expo, which will take place on June 7-9, 2016, at the Javits Center in New York, New York. SoftLayer, an IBM Company, provides cloud infrastructure as a service from a growing number of data centers and network points of presence around the world. SoftLayer’s customers range from Web startups to global enterprises.
In his General Session at DevOps Summit, Asaf Yigal, Co-Founder & VP of Product at Logz.io, will explore the value of Kibana 4 for log analysis and will give a real live, hands-on tutorial on how to set up Kibana 4 and get the most out of Apache log files. He will examine three use cases: IT operations, business intelligence, and security and compliance. This is a hands-on session that will require participants to bring their own laptops, and we will provide the rest.
SYS-CON Events announced today that Bsquare has been named “Silver Sponsor” of SYS-CON's @ThingsExpo, which will take place on November 1–3, 2016, at the Santa Clara Convention Center in Santa Clara, CA. For more than two decades, Bsquare has helped its customers extract business value from a broad array of physical assets by making them intelligent, connecting them, and using the data they generate to optimize business processes.
In this strange new world where more and more power is drawn from business technology, companies are effectively straddling two paths on the road to innovation and transformation into digital enterprises. The first path is the heritage trail – with “legacy” technology forming the background. Here, extant technologies are transformed by core IT teams to provide more API-driven approaches. Legacy systems can restrict companies that are transitioning into digital enterprises. To truly become a lea...
Internet of @ThingsExpo, taking place November 1-3, 2016, at the Santa Clara Convention Center in Santa Clara, CA, is co-located with 19th Cloud Expo and will feature technical sessions from a rock star conference faculty and the leading industry players in the world. The Internet of Things (IoT) is the most profound change in personal and enterprise IT since the creation of the Worldwide Web more than 20 years ago. All major researchers estimate there will be tens of billions devices - comp...
What are the new priorities for the connected business? First: businesses need to think differently about the types of connections they will need to make – these span well beyond the traditional app to app into more modern forms of integration including SaaS integrations, mobile integrations, APIs, device integration and Big Data integration. It’s important these are unified together vs. doing them all piecemeal. Second, these types of connections need to be simple to design, adapt and configure...
Why do your mobile transformations need to happen today? Mobile is the strategy that enterprise transformation centers on to drive customer engagement. In his general session at @ThingsExpo, Roger Woods, Director, Mobile Product & Strategy – Adobe Marketing Cloud, covered key IoT and mobile trends that are forcing mobile transformation, key components of a solid mobile strategy and explored how brands are effectively driving mobile change throughout the enterprise.
“We're a global managed hosting provider. Our core customer set is a U.S.-based customer that is looking to go global,” explained Adam Rogers, Managing Director at ANEXIA, in this SYS-CON.tv interview at 18th Cloud Expo, held June 7-9, 2016, at the Javits Center in New York City, NY.
Adobe is changing the world though digital experiences. Adobe helps customers develop and deliver high-impact experiences that differentiate brands, build loyalty, and drive revenue across every screen, including smartphones, computers, tablets and TVs. Adobe content solutions are used daily by millions of companies worldwide-from publishers and broadcasters, to enterprises, marketing agencies and household-name brands. Building on its established design leadership, Adobe enables customers not o...