News Feed Item

MSU Information Systems Expert Advises On Creating Strong Passwords In Response To 'Heartbleed'

MISSISSIPPI STATE, Miss., April 14, 2014 /PRNewswire-USNewswire/ -- The recently-discovered "Heartbleed" bug affecting as much as two-thirds of the Internet is causing people to hurriedly change passwords and further secure online personal information.

A variety of websites have found bug-related security vulnerabilities which affect sites employing OpenSSL, an open-source encryption technology that typically indicates personal information is safe with a lock icon in the web browser.

Merrill Warkentin of Mississippi State University said Friday [April 11] that choosing strong passwords is among the best proactive steps for minimizing vulnerability to identity theft.

"Never select a word that can be found in a dictionary," the information systems professor advised. Instead, he recommended three objectives for choosing strong passwords: make them hard to guess, hard to figure out and hard to "shoulder surf," meaning not easily observed by someone looking over your shoulder.

"If it's an obscure sequence of characters instead of a regular word, they are not going to be able to figure it out," he said.

Warkentin said users should think in terms of a "pass phrase" rather than a password. Personal phrases that may easily be remembered can become a hard-to-guess password when using the first letter of each word.

As an example, he said a phrase like "I started to work in 2008," could become the password "Is2wi2008." He said it is best to use a combination of upper and lowercase letters and numbers. If you add an odd character or symbol, the password becomes even stronger, he said. A true strong password must contain at least 14 characters, including numbers, upper and lower-case letters, and special characters.

Warkentin teaches students in his information systems classes at MSU to think of phrases personal to themselves, such as lyrics to a favorite song that they will find easy to remember, but others would have difficulty guessing.

Even if they are "strong," some passwords still may be compromised because of security breaches like Heartbleed, Warkentin said. It is online attacks and vulnerability discoveries that illustrate the importance of having unique passwords for the most sensitive information instead of using the same passwords repeatedly across the Internet.

"I would not reuse your bank or brokerage password anywhere else; I would make that a one-of-a-kind," he said, noting that if a hacker gains password information at one site, he may then go to other websites and try the same passwords to gain access to additional accounts.

While the most sensitive information needs the highest standards of security, Warkentin said many other websites which require login information are much less of a security concern because less personal information is at risk. He used as an example that some newspapers require login information before giving access to news articles, but they don't store sensitive personal data.

"It helps if people can think about information in terms of the risk of harm," he said.  

"If someone logs in as you on a website, can they hurt you?" he continued. "If it's your bank or your social media account, the answer is yes. On other sites, there is less at stake if the only power they have is to change your news preferences, for example, without gaining any real personal data."

Warkentin advises using different passwords for different websites, but one good tip is to create a strong base password, like the "Is2wi2008" example, but make it unique to various websites by using add-ons. He said an adaptation to the example could be using "Is2wi2008Amz" for shopping on Amazon.  

"Then they're all about the same, and they're strong, but they're also unique because of those last two or three characters," he said.

Some other tips shared by Warkentin include:

  • If it is necessary to write down passwords, it is critical to store them in a safe secure location. "Don't write it on a sticky note by your monitor," he said.
  • Utilize more than one authentication method for the most sensitive data. "The best security is when you use two-factor authentication; it's much safer because when someone gets your password, they still don't have everything they need to gain access."
  • Request higher levels of security for accounts that many banking systems offer. Higher security usually involves an additional challenge question for accessing information via telephone, so clients can't just verify their basic information like ID number and address.

Because of Heartbleed's potential impact, Warkentin implored users to immediately change passwords at websites holding credit card, health or other personal information not to be shared--and also their social media and email platforms.

For more information about Mississippi State University, see www.msstate.edu.  

Bio and contact info available at: http://www.misprofessor.us/

broadcast studio available

Merrill Warkentin is a Professor of Information Systems and the Richard Adkerson Notable Scholar in the College of Business at Mississippi State University.

For more information, see news release at: http://www.msstate.edu/web/media/detail.php?id=6587

This news release was issued on behalf of Newswise™. For more information, visit http://www.newswise.com.

Contact: Allison Matthews, 662-325-7457, [email protected] 

SOURCE Mississippi State University

More Stories By PR Newswire

Copyright © 2007 PR Newswire. All rights reserved. Republication or redistribution of PRNewswire content is expressly prohibited without the prior written consent of PRNewswire. PRNewswire shall not be liable for any errors or delays in the content, or for any actions taken in reliance thereon.

Latest Stories
The IoT has the potential to create a renaissance of manufacturing in the US and elsewhere. In his session at 18th Cloud Expo, Florent Solt, CTO and chief architect of Netvibes, discussed how the expected exponential increase in the amount of data that will be processed, transported, stored, and accessed means there will be a huge demand for smart technologies to deliver it. Florent Solt is the CTO and chief architect of Netvibes. Prior to joining Netvibes in 2007, he co-founded Rift Technologi...
SYS-CON Events announced today that Streamlyzer will exhibit at the 19th International Cloud Expo, which will take place on November 1–3, 2016, at the Santa Clara Convention Center in Santa Clara, CA. Streamlyzer is a powerful analytics for video streaming service that enables video streaming providers to monitor and analyze QoE (Quality-of-Experience) from end-user devices in real time.
@DevOpsSummit has been named the ‘Top DevOps Influencer' by iTrend. iTrend processes millions of conversations, tweets, interactions, news articles, press releases, blog posts - and extract meaning form them and analyzes mobile and desktop software platforms used to communicate, various metadata (such as geo location), and automation tools. In overall placement, @DevOpsSummit ranked as the number one ‘DevOps Influencer' followed by @CloudExpo at third, and @MicroservicesE at 24th.
@ThingsExpo has been named the Top 5 Most Influential M2M Brand by Onalytica in the ‘Machine to Machine: Top 100 Influencers and Brands.' Onalytica analyzed the online debate on M2M by looking at over 85,000 tweets to provide the most influential individuals and brands that drive the discussion. According to Onalytica the "analysis showed a very engaged community with a lot of interactive tweets. The M2M discussion seems to be more fragmented and driven by some of the major brands present in the...
Established in 1998, Calsoft is a leading software product engineering Services Company specializing in Storage, Networking, Virtualization and Cloud business verticals. Calsoft provides End-to-End Product Development, Quality Assurance Sustenance, Solution Engineering and Professional Services expertise to assist customers in achieving their product development and business goals. The company's deep domain knowledge of Storage, Virtualization, Networking and Cloud verticals helps in delivering ...
Most of us already know that adopting new cloud applications can boost a business’s productivity by enabling organizations to be more agile and ready to change course in our fast-moving and connected digital world. But the rapid adoption of cloud apps and services also brings with it profound security threats, including visibility and control challenges that aren’t present in traditional on-premises environments. At the same time, the cloud – because of its interconnected, flexible and adaptable...
Explosive growth in connected devices. Enormous amounts of data for collection and analysis. Critical use of data for split-second decision making and actionable information. All three are factors in making the Internet of Things a reality. Yet, any one factor would have an IT organization pondering its infrastructure strategy. How should your organization enhance its IT framework to enable an Internet of Things implementation? In his session at @ThingsExpo, James Kirkland, Red Hat's Chief Arch...
Extreme Computing is the ability to leverage highly performant infrastructure and software to accelerate Big Data, machine learning, HPC, and Enterprise applications. High IOPS Storage, low-latency networks, in-memory databases, GPUs and other parallel accelerators are being used to achieve faster results and help businesses make better decisions. In his session at 18th Cloud Expo, Michael O'Neill, Strategic Business Development at NVIDIA, focused on some of the unique ways extreme computing is...
Virgil consists of an open-source encryption library, which implements Cryptographic Message Syntax (CMS) and Elliptic Curve Integrated Encryption Scheme (ECIES) (including RSA schema), a Key Management API, and a cloud-based Key Management Service (Virgil Keys). The Virgil Keys Service consists of a public key service and a private key escrow service. 

WebRTC defines no default signaling protocol, causing fragmentation between WebRTC silos. SIP and XMPP provide possibilities, but come with considerable complexity and are not designed for use in a web environment. In his session at @ThingsExpo, Matthew Hodgson, technical co-founder of the Matrix.org, discussed how Matrix is a new non-profit Open Source Project that defines both a new HTTP-based standard for VoIP & IM signaling and provides reference implementations.
SYS-CON Media announced today that @WebRTCSummit Blog, the largest WebRTC resource in the world, has been launched. @WebRTCSummit Blog offers top articles, news stories, and blog posts from the world's well-known experts and guarantees better exposure for its authors than any other publication. @WebRTCSummit Blog can be bookmarked ▸ Here @WebRTCSummit conference site can be bookmarked ▸ Here
In his keynote at 19th Cloud Expo, Sheng Liang, co-founder and CEO of Rancher Labs, will discuss the technological advances and new business opportunities created by the rapid adoption of containers. With the success of Amazon Web Services (AWS) and various open source technologies used to build private clouds, cloud computing has become an essential component of IT strategy. However, users continue to face challenges in implementing clouds, as older technologies evolve and newer ones like Docke...
@ThingsExpo has been named the Top 5 Most Influential Internet of Things Brand by Onalytica in the ‘The Internet of Things Landscape 2015: Top 100 Individuals and Brands.' Onalytica analyzed Twitter conversations around the #IoT debate to uncover the most influential brands and individuals driving the conversation. Onalytica captured data from 56,224 users. The PageRank based methodology they use to extract influencers on a particular topic (tweets mentioning #InternetofThings or #IoT in this ...
In his keynote at 18th Cloud Expo, Andrew Keys, Co-Founder of ConsenSys Enterprise, provided an overview of the evolution of the Internet and the Database and the future of their combination – the Blockchain. Andrew Keys is Co-Founder of ConsenSys Enterprise. He comes to ConsenSys Enterprise with capital markets, technology and entrepreneurial experience. Previously, he worked for UBS investment bank in equities analysis. Later, he was responsible for the creation and distribution of life sett...
You have great SaaS business app ideas. You want to turn your idea quickly into a functional and engaging proof of concept. You need to be able to modify it to meet customers' needs, and you need to deliver a complete and secure SaaS application. How could you achieve all the above and yet avoid unforeseen IT requirements that add unnecessary cost and complexity? You also want your app to be responsive in any device at any time. In his session at 19th Cloud Expo, Mark Allen, General Manager of...