Published: 11 April 2014

A reminder about the importance of secure passwords

Surrey’s Alan Woodward suggests spring cleaning your passwords in the wake of the ‘Heartbleed Bug’.

Professor Alan Woodward (Visiting Professor in the Department of Computing) has been in the national news with advice on choosing computer passwords in the face of a serious security threat called the ‘Heartbleed Bug’.

The Heartbleed Bug is the name given to a vulnerability in the cryptographic software library ‘OpenSSL’. OpenSSL is a widely used security programme which uses an encryption protocol called Secure Sockets Layer (SSL) to scramble passwords.

“SSL is the ‘handshake’ that computers exchange when beginning a secure conversation,” Professor Woodward explains. “But researchers announced earlier this week that it’s possible for cybercriminals to exploit OpenSSL in order to extract sensitive data from the memory of users’ computers. Tests indicate that one of these pieces of sensitive data includes users’ passwords.”

He continues, “As long as affected systems have been upgraded to a version of OpenSSL without the security flaw, now is the best time to update your computer passwords. In doing so, it’s important to choose a strong password which is resistant to the attacks we know hackers employ.”

Professor Woodward’s first tip is not to create a password associated with your own personal background. “Hackers can find out a lot about you from social media,” he says. “So if they are targeting you specifically and you choose, say, your pet’s name, you’re in trouble.”

Other tips include not choosing words from a dictionary; using a mix of unusual characters including symbols; and creating a range of passwords across different systems.

Dr Shujun Li, Senior Lecturer within the Department of Computing, adds, “I would also call for the use of password management systems which can help to create purely random passwords and will make it much easier to update passwords when they are compromised. Password management systems are software tools helping users to create and store their login credentials, and many of them are free.”

You can see all of Professor Woodward’s advice here.

You can also read further about this story on The Conversation.
