You know those password tips most websites show, like “Put an upper-case letter in your password” or “Your password needs a special character”?
Well, forget about all that, says Bill Burr, the man who basically wrote the book on password management.
Mr. Burr, in 2003, was the author of the “National Institute of Standards and Technology (NIST) Special Publication 800-63, Appendix A”, an 8-page document which advised people to protect their online accounts by inventing passwords made of obscure characters, capital letters, and numbers, all of which would need to be changed regularly.
This document basically became the password guidelines that many websites use today for logging in.
Mr. Burr Admits That “He Blew It”
But let’s be honest: changing passwords every 90 days and coming up with new ones is a hassle, and most people don’t even bother to change their passwords to something totally different.
If a user has the password “PAssW0rd1”, best believe they’re likely to change it to “PAssW0rd2” instead of something totally different.
The new trend is long, easy-to-remember phrases over crazy characters. The new NIST guidelines state that users should be forced to change passwords only if there is a sign they may have been stolen.
The Way We Set Up Passwords Doesn’t Work
The creator of XKCD calculated it would take 550 years to crack the password “correct horse battery staple,” all written as one word.
Passwords like “Tr0ub4dor&3” could easily be cracked in three days, which has been verified by computer-security specialists.
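To see where the “550 years” and “three days” figures come from, here is an added worked example (not from the original post or the Wall Street Journal article) that reproduces the XKCD arithmetic: a 4-word passphrase drawn from a 2048-word list carries 44 bits of entropy, while XKCD credits “Tr0ub4dor&3” with about 28 bits because it is a dictionary word with predictable substitutions. Both are then divided by the comic’s assumed rate of 1000 guesses per second. The tiny word list in the code is constructed for illustration; the dictionary size is passed in separately so the maths reflects a real list.

```python
"""Entropy and time-to-crack estimates behind the XKCD passphrase comparison.

Added example, not code from the original article. The word list below is a
constructed stand-in for a real diceware-style dictionary; the dictionary size
is passed in explicitly so the arithmetic matches the real list (2048 words in
the comic).
"""
import math
import secrets

SECONDS_PER_DAY = 86_400
SECONDS_PER_YEAR = 365.25 * SECONDS_PER_DAY

# Constructed stand-in word list (a real passphrase list has thousands of entries).
SAMPLE_WORDS = [
    "correct", "horse", "battery", "staple", "orbit", "lantern", "pebble",
    "walnut", "canyon", "velvet", "meadow", "thimble", "glacier", "saddle",
    "copper", "harbor",
]


def passphrase_entropy_bits(n_words: int, dictionary_size: int) -> float:
    """Bits of entropy for n words drawn uniformly at random from a dictionary."""
    return n_words * math.log2(dictionary_size)


def charset_entropy_bits(length: int, charset_size: int) -> float:
    """Upper bound for a password of `length` uniformly random symbols.

    A human-chosen password such as Tr0ub4dor&3 sits far below this bound: it
    is one dictionary word with guessable substitutions, which is why XKCD
    credits it with only about 28 bits despite its 11 mixed characters.
    """
    return length * math.log2(charset_size)


def seconds_to_crack(bits: float, guesses_per_second: float) -> float:
    """Worst-case time to exhaust the whole keyspace at a given guess rate."""
    return (2.0 ** bits) / guesses_per_second


def make_passphrase(n_words: int, words=SAMPLE_WORDS, sep: str = " ") -> str:
    """Generate a passphrase with the `secrets` CSPRNG (never the `random` module)."""
    return sep.join(secrets.choice(words) for _ in range(n_words))


def xkcd_comparison(guesses_per_second: float = 1000.0) -> dict:
    """Reproduce the comic's headline figures: 44-bit passphrase vs 28-bit Tr0ub4dor&3."""
    passphrase_bits = passphrase_entropy_bits(4, 2048)  # 4 * 11 = 44 bits
    troubadour_bits = 28.0                               # XKCD's estimate
    return {
        "passphrase_bits": passphrase_bits,
        "passphrase_years": seconds_to_crack(passphrase_bits, guesses_per_second) / SECONDS_PER_YEAR,
        "troubadour_bits": troubadour_bits,
        "troubadour_days": seconds_to_crack(troubadour_bits, guesses_per_second) / SECONDS_PER_DAY,
    }


if __name__ == "__main__":
    online = xkcd_comparison()
    print(f"passphrase: {online['passphrase_bits']:.0f} bits, "
          f"{online['passphrase_years']:.0f} years at 1000 guesses/s")
    print(f"Tr0ub4dor&3: {online['troubadour_bits']:.0f} bits, "
          f"{online['troubadour_days']:.1f} days at 1000 guesses/s")
    # Offline cracking of a leaked hash database runs many orders of magnitude
    # faster than an online login form; the margin shrinks accordingly.
    offline = xkcd_comparison(guesses_per_second=1e10)
    print(f"passphrase at 1e10 guesses/s: {offline['passphrase_years'] * 365.25:.2f} days")
    print("example passphrase:", make_passphrase(4))
```

The 1000 guesses/s rate is the comic’s online-attack assumption (a login form with throttling). Against a stolen hash database an attacker is not rate-limited, so the same entropy buys far less time; this is why the defender-side lesson is to favour length (more words) over character tricks, and to store passwords with a slow hash.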
But Mr. Burr should not feel bad about his rules. They were the best advice available at the time. Going forward, there will probably be more security like retina scanning and fingerprint readers for logging into devices and workstations.
Maybe one day we won’t need to remember passwords like “TechN0va1$”* and change them every so often.
*FYI, that is not my password 🙂
Source: Wall Street Journal