Why You Should Ignore Everything You Have Been Told About Passwords


The technology guru who came up with the rules on safeguarding personal information 14 years ago has now admitted that his guidance was wrong. Bill Burr, the man largely responsible for modern password guidelines, is coming forward to say he's incredibly sorry for the monster he's created. "Much of what I did I now regret", he told the Wall Street Journal. His guidance appeared in the eight-page document NIST Special Publication 800-63.

But rather than improving security, the required combinations made systems less secure, since users would end up reusing the same password everywhere or writing passwords down on notes to remember them.

For example, "Pa55word!" follows Burr's guidelines but isn't very secure and is very easy to guess: it is a dictionary word with predictable character substitutions and a symbol tacked on the end, exactly the pattern that cracking tools try first. Burr was working for the National Institute of Standards and Technology in 2003 when he wrote the password advice issued by that non-regulatory U.S. agency.

Typing a password can be a bigger headache than people think, especially for corporate employees who are forced to use complicated, hard-to-remember passwords filled with random numbers and symbols.

But in an interview with The Wall Street Journal, the now-retired Burr said most of his advice was incorrect. NIST now advises that people use long but easy-to-remember "passphrases". Gerhard says: "The other thing people will do is use the same password everywhere, which is a really, really bad idea".


Burr wanted to base his guidelines on real-world data, but little was available at the time. And his suggestion that users change their passwords every 90 days only encouraged laziness: most people simply appended or incremented a digit on their existing password.

The new draft guidelines are available from NIST.

The better solution may simply be a password made of four random words: the extra length gives an attacker far more guessing work than a short mix of letters and special characters does, the Journal reports. According to Paul Grassi, who led the revision project, and for the reasons listed above, the old rules did very little for security while degrading the usability of the internet. Your password doesn't become more hackable because it's been in use for more than 180 days.

Avoid reusing passwords: you obviously have more than one account, and a single shared password means one breach exposes them all. Long passphrases work better because they can be very long and still easy to memorize.
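To make the contrast concrete, here is an added example (not from the article or from NIST) that puts the old composition rule next to the revised, length-first approach described above. It checks "Pa55word!" and a four-word passphrase against both, generates a random passphrase with a CSPRNG, and computes the guessing work for uniformly random choices. The word list and the blocklist are small constructed stand-ins; a real diceware-style list has 7776 words and a real blocklist of commonly used or breached passwords has millions of entries. The `canonical()` normalisation that strips leet-speak and trailing digits is a heuristic chosen for this example, not a NIST-specified algorithm.

```python
"""Old composition rule vs. the revised, length-first password policy (added example)."""
import math
import re
import secrets

# Constructed toy blocklist. The revised NIST guidance rejects passwords found on
# lists of commonly used or previously breached values; a real list is far larger.
COMMON_PASSWORDS = {"password", "letmein", "qwerty", "iloveyou", "dragon", "monkey"}

# Constructed sample word list; the standard diceware list has 7776 (6^5) entries.
WORDLIST = [
    "correct", "horse", "battery", "staple", "orbit", "lantern", "meadow", "velvet",
    "glacier", "pepper", "trumpet", "harbor", "cactus", "ribbon", "saddle", "walnut",
]
REAL_WORDLIST_SIZE = 7776   # size of a real diceware list (assumed for the estimate)
PRINTABLE_ASCII = 94        # letters, digits and symbols on a US keyboard

# Common "leet" substitutions users apply to satisfy composition rules.
LEET = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a", "5": "s", "7": "t",
                      "@": "a", "$": "s"})


def legacy_policy(pw: str) -> bool:
    """2003-style composition rule: at least 8 chars with upper, lower, digit, symbol."""
    return (len(pw) >= 8
            and re.search(r"[A-Z]", pw) is not None
            and re.search(r"[a-z]", pw) is not None
            and re.search(r"\d", pw) is not None
            and re.search(r"[^A-Za-z0-9]", pw) is not None)


def canonical(pw: str) -> str:
    """Collapse the cosmetic tricks that composition rules encourage, so that
    'Pa55word!' and 'Password1' both reduce to 'password'. Heuristic for this
    example only: lowercase, drop leading/trailing non-letters, undo leet-speak."""
    core = pw.lower()
    core = re.sub(r"^[^a-z]+|[^a-z]+$", "", core)
    core = core.translate(LEET)
    return re.sub(r"[^a-z]", "", core)


def revised_policy(pw: str, blocklist=COMMON_PASSWORDS, min_len: int = 8) -> bool:
    """Revised approach: require length, impose no composition rule, and reject
    anything whose canonical form is on the common/breached-password list."""
    if len(pw) < min_len:
        return False
    return pw.lower() not in blocklist and canonical(pw) not in blocklist


def random_passphrase(words: int = 4, wordlist=WORDLIST) -> str:
    """Draw words with a CSPRNG: long, memorable and free of guessable patterns."""
    return " ".join(secrets.choice(wordlist) for _ in range(words))


def entropy_bits(alphabet_size: int, length: int) -> float:
    """Guessing work for a uniformly random choice of `length` symbols
    from an alphabet of `alphabet_size`: length * log2(alphabet_size)."""
    return length * math.log2(alphabet_size)


if __name__ == "__main__":
    for candidate in ("Pa55word!", "correct horse battery staple", random_passphrase()):
        print(f"{candidate!r:36} legacy={legacy_policy(candidate)!s:5} "
              f"revised={revised_policy(candidate)!s:5} canonical={canonical(candidate)}")
    print(f"4 random diceware words : {entropy_bits(REAL_WORDLIST_SIZE, 4):.1f} bits")
    print(f"8 random printable chars: {entropy_bits(PRINTABLE_ASCII, 8):.1f} bits")
```

The numbers at the end show why length wins on usability: four truly random diceware words carry roughly the same guessing work as eight truly random printable characters, but the words can be remembered, whereas a human asked for eight characters with symbols tends to produce "Pa55word!", which the legacy rule accepts and the blocklist check rejects.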

Fisk said if you don't have a strong password that's OK because Google is actively checking to make sure you are who you say you are.
