Welcome!

News Feed Item

MSU Information Systems Expert Advises On Creating Strong Passwords In Response To 'Heartbleed'

MISSISSIPPI STATE, Miss., April 14, 2014 /PRNewswire-USNewswire/ -- The recently-discovered "Heartbleed" bug affecting as much as two-thirds of the Internet is causing people to hurriedly change passwords and further secure online personal information.

A variety of websites have found bug-related security vulnerabilities which affect sites employing OpenSSL, an open-source encryption technology that typically indicates personal information is safe with a lock icon in the web browser.

Merrill Warkentin of Mississippi State University said Friday [April 11] that choosing strong passwords is among the best proactive steps for minimizing vulnerability to identity theft.

"Never select a word that can be found in a dictionary," the information systems professor advised. Instead, he recommended three objectives for choosing strong passwords: make them hard to guess, hard to figure out and hard to "shoulder surf," meaning not easily observed by someone looking over your shoulder.

"If it's an obscure sequence of characters instead of a regular word, they are not going to be able to figure it out," he said.

Warkentin said users should think in terms of a "pass phrase" rather than a password. Personal phrases that may easily be remembered can become a hard-to-guess password when using the first letter of each word.

As an example, he said a phrase like "I started to work in 2008," could become the password "Is2wi2008." He said it is best to use a combination of upper and lowercase letters and numbers. If you add an odd character or symbol, the password becomes even stronger, he said. A true strong password must contain at least 14 characters, including numbers, upper and lower-case letters, and special characters.

Warkentin teaches students in his information systems classes at MSU to think of phrases personal to themselves, such as lyrics to a favorite song that they will find easy to remember, but others would have difficulty guessing.

Even if they are "strong," some passwords still may be compromised because of security breaches like Heartbleed, Warkentin said. It is online attacks and vulnerability discoveries that illustrate the importance of having unique passwords for the most sensitive information instead of using the same passwords repeatedly across the Internet.

"I would not reuse your bank or brokerage password anywhere else; I would make that a one-of-a-kind," he said, noting that if a hacker gains password information at one site, he may then go to other websites and try the same passwords to gain access to additional accounts.

While the most sensitive information needs the highest standards of security, Warkentin said many other websites which require login information are much less of a security concern because less personal information is at risk. He used as an example that some newspapers require login information before giving access to news articles, but they don't store sensitive personal data.

"It helps if people can think about information in terms of the risk of harm," he said.  

"If someone logs in as you on a website, can they hurt you?" he continued. "If it's your bank or your social media account, the answer is yes. On other sites, there is less at stake if the only power they have is to change your news preferences, for example, without gaining any real personal data."

Warkentin advises using different passwords for different websites, but one good tip is to create a strong base password, like the "Is2wi2008" example, but make it unique to various websites by using add-ons. He said an adaptation to the example could be using "Is2wi2008Amz" for shopping on Amazon.  

"Then they're all about the same, and they're strong, but they're also unique because of those last two or three characters," he said.

Some other tips shared by Warkentin include:

  • If it is necessary to write down passwords, it is critical to store them in a safe secure location. "Don't write it on a sticky note by your monitor," he said.
  • Utilize more than one authentication method for the most sensitive data. "The best security is when you use two-factor authentication; it's much safer because when someone gets your password, they still don't have everything they need to gain access."
  • Request higher levels of security for accounts that many banking systems offer. Higher security usually involves an additional challenge question for accessing information via telephone, so clients can't just verify their basic information like ID number and address.

Because of Heartbleed's potential impact, Warkentin implored users to immediately change passwords at websites holding credit card, health or other personal information not to be shared--and also their social media and email platforms.

For more information about Mississippi State University, see www.msstate.edu.  

Bio and contact info available at: http://www.misprofessor.us/

broadcast studio available

Merrill Warkentin is a Professor of Information Systems and the Richard Adkerson Notable Scholar in the College of Business at Mississippi State University.

For more information, see news release at: http://www.msstate.edu/web/media/detail.php?id=6587

This news release was issued on behalf of Newswise™. For more information, visit http://www.newswise.com.

Contact: Allison Matthews, 662-325-7457, [email protected] 

SOURCE Mississippi State University

More Stories By PR Newswire

Copyright © 2007 PR Newswire. All rights reserved. Republication or redistribution of PRNewswire content is expressly prohibited without the prior written consent of PRNewswire. PRNewswire shall not be liable for any errors or delays in the content, or for any actions taken in reliance thereon.

Latest Stories
In this presentation, you will learn first hand what works and what doesn't while architecting and deploying OpenStack. Some of the topics will include:- best practices for creating repeatable deployments of OpenStack- multi-site considerations- how to customize OpenStack to integrate with your existing systems and security best practices.
As you move to the cloud, your network should be efficient, secure, and easy to manage. An enterprise adopting a hybrid or public cloud needs systems and tools that provide: Agility: ability to deliver applications and services faster, even in complex hybrid environments Easier manageability: enable reliable connectivity with complete oversight as the data center network evolves Greater efficiency: eliminate wasted effort while reducing errors and optimize asset utilization Security: implemen...
Your homes and cars can be automated and self-serviced. Why can't your storage? From simply asking questions to analyze and troubleshoot your infrastructure, to provisioning storage with snapshots, recovery and replication, your wildest sci-fi dream has come true. In his session at @DevOpsSummit at 20th Cloud Expo, Dan Florea, Director of Product Management at Tintri, provided a ChatOps demo where you can talk to your storage and manage it from anywhere, through Slack and similar services with...
Most people haven’t heard the word, “gamification,” even though they probably, and perhaps unwittingly, participate in it every day. Gamification is “the process of adding games or game-like elements to something (as a task) so as to encourage participation.” Further, gamification is about bringing game mechanics – rules, constructs, processes, and methods – into the real world in an effort to engage people. In his session at @ThingsExpo, Robert Endo, owner and engagement manager of Intrepid D...
Recently, WebRTC has a lot of eyes from market. The use cases of WebRTC are expanding - video chat, online education, online health care etc. Not only for human-to-human communication, but also IoT use cases such as machine to human use cases can be seen recently. One of the typical use-case is remote camera monitoring. With WebRTC, people can have interoperability and flexibility for deploying monitoring service. However, the benefit of WebRTC for IoT is not only its convenience and interopera...
Evan Kirstel is an internationally recognized thought leader and social media influencer in IoT (#1 in 2017), Cloud, Data Security (2016), Health Tech (#9 in 2017), Digital Health (#6 in 2016), B2B Marketing (#5 in 2015), AI, Smart Home, Digital (2017), IIoT (#1 in 2017) and Telecom/Wireless/5G. His connections are a "Who's Who" in these technologies, He is in the top 10 most mentioned/re-tweeted by CMOs and CIOs (2016) and have been recently named 5th most influential B2B marketeer in the US. H...
Michael Maximilien, better known as max or Dr. Max, is a computer scientist with IBM. At IBM Research Triangle Park, he was a principal engineer for the worldwide industry point-of-sale standard: JavaPOS. At IBM Research, some highlights include pioneering research on semantic Web services, mashups, and cloud computing, and platform-as-a-service. He joined the IBM Cloud Labs in 2014 and works closely with Pivotal Inc., to help make the Cloud Found the best PaaS.
Companies are harnessing data in ways we once associated with science fiction. Analysts have access to a plethora of visualization and reporting tools, but considering the vast amount of data businesses collect and limitations of CPUs, end users are forced to design their structures and systems with limitations. Until now. As the cloud toolkit to analyze data has evolved, GPUs have stepped in to massively parallel SQL, visualization and machine learning.
"With Digital Experience Monitoring what used to be a simple visit to a web page has exploded into app on phones, data from social media feeds, competitive benchmarking - these are all components that are only available because of some type of digital asset," explained Leo Vasiliou, Director of Web Performance Engineering at Catchpoint Systems, in this SYS-CON.tv interview at DevOps Summit at 20th Cloud Expo, held June 6-8, 2017, at the Javits Center in New York City, NY.
Everything run by electricity will eventually be connected to the Internet. Get ahead of the Internet of Things revolution. In his session at @ThingsExpo, Akvelon expert and IoT industry leader Sergey Grebnov provided an educational dive into the world of managing your home, workplace and all the devices they contain with the power of machine-based AI and intelligent Bot services for a completely streamlined experience.
"This week we're really focusing on scalability, asset preservation and how do you back up to the cloud and in the cloud with object storage, which is really a new way of attacking dealing with your file, your blocked data, where you put it and how you access it," stated Jeff Greenwald, Senior Director of Market Development at HGST, in this SYS-CON.tv interview at 18th Cloud Expo, held June 7-9, 2016, at the Javits Center in New York City, NY.
"Venafi has a platform that allows you to manage, centralize and automate the complete life cycle of keys and certificates within the organization," explained Gina Osmond, Sr. Field Marketing Manager at Venafi, in this SYS-CON.tv interview at DevOps at 19th Cloud Expo, held November 1-3, 2016, at the Santa Clara Convention Center in Santa Clara, CA.
Creating replica copies to tolerate a certain number of failures is easy, but very expensive at cloud-scale. Conventional RAID has lower overhead, but it is limited in the number of failures it can tolerate. And the management is like herding cats (overseeing capacity, rebuilds, migrations, and degraded performance). In his general session at 18th Cloud Expo, Scott Cleland, Senior Director of Product Marketing for the HGST Cloud Infrastructure Business Unit, discussed how a new approach is neces...
Cloud-enabled transformation has evolved from cost saving measure to business innovation strategy -- one that combines the cloud with cognitive capabilities to drive market disruption. Learn how you can achieve the insight and agility you need to gain a competitive advantage. Industry-acclaimed CTO and cloud expert, Shankar Kalyana presents. Only the most exceptional IBMers are appointed with the rare distinction of IBM Fellow, the highest technical honor in the company. Shankar has also receive...
"We're developing a software that is based on the cloud environment and we are providing those services to corporations and the general public," explained Seungmin Kim, CEO/CTO of SM Systems Inc., in this SYS-CON.tv interview at 21st Cloud Expo, held Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA.