Remember Those Strong Password Rules? Forget Them. Here's The Real Deal

The Man Who Wrote Those Password Rules Has a New Tip: N3v$r M1^d!

"Much of what I did I now regret", said Burr of his past work.

The suggestions Burr made, and now regrets, came from his "NIST Special Publication 800-64". Some of these include regularly changing your password every 90 days and using obscure numbers, characters, capital letters, etc. As it turns out, one of the writers of a document that has been used to create password policy for years says the suggestions he laid down are no longer valid.

Burr's original guidelines were published almost 15 years ago, when he worked at the National Institute of Standards and Technology.

But Burr is not wrong, as shorter passwords are easier to crack than a long string of easy-to-remember words.

The trouble, according to security researchers, is that in reality the recommendation caused many people to adopt highly predictable "complex" passwords, such as "Pa$$w0rd", to try to remember them. NIST now wants sites and companies to forgo requiring people to change their passwords periodically, which makes sense since a study from Carleton University revealed that this is a pretty useless tactic.

And there is little doubt that getting people to secure their accounts with unique and private logins is a good move, but long and complicated passwords often do not help matters. The increasingly complicated requirements are enough to make you pull your hair out, and just when you think you've nailed a decent login, you'll probably be forced to change it in a month anyway.

Additionally, it is also now recommended that users only be required to change their password if a breach has been suspected or confirmed.

Burr thought back then that replacing a few letters with numbers and characters would create a harder-to-crack password.
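To illustrate why such substitutions add little, the following Python example (added here; it is not code from NIST, Burr or this article) compares an old-style composition rule with a check that undoes common substitutions and consults a list of known weak passwords. The blocklist, the substitution table, the 8-character minimum and the sample passphrase are assumptions constructed for the illustration.

```python
import re

# Constructed sample blocklist (assumption); a real deployment would load
# a large corpus of passwords seen in breaches.
BLOCKLIST = {"password", "letmein", "qwerty", "welcome"}

# Common character substitutions undone before the lookup (assumption).
LEET = str.maketrans({"$": "s", "0": "o", "@": "a", "1": "l",
                      "3": "e", "!": "i", "5": "s", "7": "t"})


def legacy_policy_ok(pw):
    """Old-style rule: 8+ characters with upper, lower, digit and symbol."""
    classes = (r"[A-Z]", r"[a-z]", r"[0-9]", r"[^A-Za-z0-9]")
    return len(pw) >= 8 and all(re.search(c, pw) for c in classes)


def candidates(pw):
    """Forms of the password a guesser would reduce it to."""
    low = pw.lower()
    # Drop a trailing run of digits/symbols such as "1!" before mapping.
    stripped = re.sub(r"[^a-z]+$", "", low)
    return {low, low.translate(LEET), stripped.translate(LEET)}


def revised_policy(pw, min_len=8):
    """Length plus blocklist check, with no composition rules.

    Returns (accepted, reason). min_len=8 is an assumed value.
    """
    if len(pw) < min_len:
        return False, "too short"
    if candidates(pw) & BLOCKLIST:
        return False, "matches a known weak password"
    return True, "ok"


if __name__ == "__main__":
    # Constructed sample inputs.
    for pw in ("Pa$$w0rd", "Welcome1!", "correct horse battery staple"):
        print(pw, legacy_policy_ok(pw), revised_policy(pw))
```

"Pa$$w0rd" satisfies the composition rule yet reduces to a blocklisted word, while the long passphrase fails the composition rule and passes the length and blocklist check.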

Using biometric log-in methods, such as Apple's Touch ID and Samsung's iris-scanning technology, can also provide an additional layer of protection, as can two-factor authentication (entering additional codes from another device to prove it's you). He had asked NIST's computer security experts for passwords as a case study, but they did not comply. You know, the one that says, "Your password is about to expire".

"Widely regarded as unsecure, passwords and PIN numbers are becoming a thing of the past as they can be copied, stolen, guessed or shared easily".

Security expert Troy Hunt, who is based on the Gold Coast in Australia, released the tool for checking whether your password is among the hacked passwords that need changing.
