Missouri State University


College of Business News

"Think Bigger and Bolder"

Bears Business Brief: Password Security an Issue

November 13, 2014 by phl988

 

By Shannon McMurtrey, Ph.D.


I have been thinking a lot about passwords lately, probably because the time to reset my password on one of my primary accounts has rolled around again (it seems to roll around faster and faster each time), and I had to YET AGAIN come up with a crazy-long, impossible-to-remember password to keep my account safe. This ritual always reminds me of an XKCD cartoon (humor for math geeks) from a couple of years ago that makes the point, in a very elegant way, that we have gotten very good at training humans to come up with passwords that are easy for computers to guess and nigh unto impossible for humans to remember.

I’m probably also thinking about passwords due to the recent disclosure of 1.2 billion user names and passwords. This is the largest breach announced to date. Some questions remain around this announcement, as the company that discovered the breach has chosen to monetize its discovery rather than provide full details about what exactly was discovered, but it is still a very significant announcement.

Regardless, the point remains that password security is dead. I know that is a strong statement, but you really should assume that your passwords are out there, somewhere, and that you need to reset all of them. This is especially true of your online financial accounts. When you create your new passwords, make sure that you are not reusing a password that you also use somewhere else. We all tend to want to use the same password everywhere, because that makes it easier to remember. Unfortunately, it also makes things easier for the bad guys once they obtain that password. There are two steps you can take to make your life easier. The first is to research and purchase a password manager program (do a search on ‘the best password managers’) and use it. Password managers simplify managing multiple, complex passwords and are well worth the investment.

The other step you should take is to use two-factor authentication wherever you can. ‘Two-factor’ means that you are using two pieces of information to authenticate rather than just one. For example, I might use a password (something I know) and a code received on my cell phone via text (something I have) to verify that I should have access to a Gmail or Dropbox account (both support two-factor authentication).

Now I know what you’re thinking: “My password is so crazy that no one would ever be able to crack it!” Maybe you came up with a sentence like “our kids are crazy” and then some date that was significant to you, “02-03-06” for example. Then you interchanged the letters and numbers to come up with your uber-strong, impossible-to-crack password of “o2k3a6c”. Sure, it was a pain to type the first few times, as you had to consciously think about the sentence and the date, but over time your muscle memory kicked in and now you type it almost without being aware of it.

Here’s the problem: rainbow tables. In the “Hacker Techniques” class that I teach for our Cybersecurity Master’s program, we talk about rainbow tables. Using a rainbow table attack, I was able to crack that password (o2k3a6c) on non-optimized hardware in less than ten hours. I’m working on a machine now that will crack it in minutes. I hope this doesn’t cause you to fear doing anything online; that isn’t the point at all. The point is to help you understand how important it is to use long passwords that are a combination of letters, numbers, and special characters, and, most importantly, to use two-factor authentication wherever you can. I want you to feel as safe online as you do living here in the Ozarks. With a little bit of investment on your part, you can do it!
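To put numbers on that advice, the following added example (not part of the original column) counts how many candidates a precomputed table must cover to contain a given password. The character-class model, the function names and the two longer sample passwords are assumptions made for illustration; "o2k3a6c" is the password from the article.

```python
import math
import string

# Character classes a precomputed table is usually built over (assumed model).
CLASSES = {
    "lower": string.ascii_lowercase,        # 26 characters
    "upper": string.ascii_uppercase,        # 26 characters
    "digit": string.digits,                 # 10 characters
    "special": string.punctuation + " ",    # 33 characters
}

def classes_used(password):
    """Names of the character classes that occur in the password."""
    used = [n for n, chars in CLASSES.items() if any(c in chars for c in password)]
    stray = [c for c in password if not any(c in chars for chars in CLASSES.values())]
    if not password or stray:
        raise ValueError("empty password or character outside printable ASCII")
    return used

def table_keyspace(alphabet_size, max_len):
    """Count every candidate of length 1..max_len over the alphabet."""
    return sum(alphabet_size ** k for k in range(1, max_len + 1))

def smallest_covering_table(password):
    """(alphabet size, max length, candidates, bits) of the smallest
    class-based table that would contain this password."""
    size = sum(len(CLASSES[n]) for n in classes_used(password))
    space = table_keyspace(size, len(password))
    return size, len(password), space, round(math.log2(space), 1)

def growth_factor(weak, strong):
    """How many times larger the table for `strong` must be than for `weak`."""
    return smallest_covering_table(strong)[2] // smallest_covering_table(weak)[2]

if __name__ == "__main__":
    # The first password is the article's; the other two are constructed samples.
    # These counts are an upper bound: predictable human patterns are weaker.
    for pw in ("o2k3a6c", "o2k3a6c!", "o2k3-a6c-Our-Kids"):
        print(pw, smallest_covering_table(pw))
    print(growth_factor("o2k3a6c", "o2k3-a6c-Our-Kids"))
```

Seven characters of lowercase letters and digits come to roughly 80 billion candidates (about 36 bits), which is small enough to precompute; each added character and each added character class multiplies the table an attacker would need.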

This article appeared in the October 11, 2014 issue of the Springfield News-Leader. It is available online here.

Shannon McMurtrey, Ph.D., is director of Missouri State University’s master’s program in cybersecurity, as well as program director for the master’s in computer information systems in the department of computer information systems. Email: shannonmcmurtrey@missouristate.edu.


  • Last Modified: November 24, 2014