Published: Thu, August 10, 2017
Technology | By Ramiro Moody

The man behind those annoying password rules now says he was wrong

Today, 14 years after it was published, the man who created the rules for a secure password admitted he was completely mistaken.

Bill Burr was not a security expert when he wrote the guidelines for password security for the U.S. National Institute of Standards and Technology in 2003.

This week, Burr told The Wall Street Journal his thinking was misguided. His 8-page document, "NIST Special Publication 800-63".

The current advice is that people should NOT frequently change their passwords, because people tend to make only minor changes, such as turning "Silicon01" into "Silicon02", which is fairly easy to guess.

Now 73 and retired, Burr is coming forward and publicly apologizing for giving people the false hope of a more secure password. Taking the first letter of each word gives you the basis of a strong password like 'DyEfLaPb*DtTwWtSa?', which is easy to remember if you sing along to Katy Perry's Firework in your head as you log in.

'It just drives people bananas and they don't pick good passwords no matter what you do'. People often change just one character of their password if the platform allows it, completely defeating the goal of the requirement in the first place. Gerhard says: "The other thing people will do is use the same password everywhere, which is a really, really bad idea".

Now, Burr says that advice was a mistake.

Many passwords that do adhere to the complex requirements have ended up on lists of the most used phrases.

For example, a user inclined to choose "password" might well choose "Password1" if required to include a number and uppercase letter. This technology combines the convenience of a contactless sensor with biometric security, and uses image recognition and optical technology to scan the normally invisible vein pattern of the palm.

Many experts also recommend that people use password manager programs which can store passwords securely and enter them when needed automatically after the user supplies a single "master password". Long pass phrases work better because they can be super long and still easy to memorize.

As an extra security precaution you might be forced to change your password every month, but of course it's too hard to remember an entirely new password so we simply cycle through from "p@ssw0rd1" to "p@ssw0rd12" throughout the year. Now you'll finally be able to throw away that Post-it note that reminds you what your new password is.
