The man behind the rules now admits that the curse of passwords ‘drives people bananas’.
Bill Burr (not to be confused with the comedian Bill Burr), who originally came up with the rules on safe passwords, has told the Wall Street Journal that the advice he gave back at the start of the 21st century was wrong.
Burr wrote the report (NIST Special Publication 800-63) in 2003 whilst working for the US National Institute of Standards and Technology (NIST); it later became an international “bible” on password security.
Keep it random
The report’s main advice was to use random numbers, capital letters and non-alphabetic symbols when creating passwords, on the grounds that such passwords would be harder to guess. It also suggested that users change their passwords every 3 months.
“Much of what I did I now regret,” Mr Burr told the Wall Street Journal.
Every. 90. Days.
Burr’s 2003 report was the driving force behind offices and websites forcing people to adopt long, convoluted passwords, which were then written down so they wouldn’t be forgotten, creating a whole new set of security problems. IT departments also adopted the ‘best practice’ of insisting that workers create a new password every 90 days, which, if you were like me, meant adding an extra 1, 2, 3 or 4 to the end of my original password.
But Burr has now conceded that, instead of improving security, these now-standard complexity rules have actually made computer accounts less secure.
Et tu Brute (force)
Contrary to popular belief, sprinkling numbers and symbols into an otherwise guessable password does little against “brute force” attacks, in which computers cycle through candidate passwords as fast as the hashing scheme allows. Cracking tools don’t start from random strings; they start from dictionaries and lists of leaked passwords and apply substitution rules (o to 0, s to 5, a digit tacked on the end), so a predictable pattern such as Pa55w0rd falls almost as quickly as password itself.
In recent years, security experts have increasingly focused on alternatives to passwords such as biometrics, including iris and fingerprint sensors, some of which have already made their way onto smartphones.
So it doesn’t matter what I use for a password then?
No! The best current advice is to use four or more genuinely random words that are obscure as a combination but easy enough to remember. 12345, for example, is still bad, as is Pa55w0rd. ColdSaucerBlackTea, on the other hand, is the kind of password now considered good: a brute force attack on four randomly chosen words would take around 50 years, although the exact figure depends on how fast the attacker can make guesses. Pick your own words at random rather than reusing an example that has appeared in print, since published examples end up in the attackers’ wordlists.
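As an added illustration (this is not code from the article, from NIST or from Burr’s report), the small Python script below puts numbers on the two claims above: that predictable substitutions like Pa55w0rd add almost nothing against a dictionary-plus-rules attack, and that four genuinely random words carry roughly the same entropy as an eight-character password of random printable characters. The wordlist size (7,776 words, the size of a Diceware list), the 95-character printable ASCII set, the constructed mini-dictionary and the two guessing rates (1,000 per second for a throttled online login form, 10 billion per second for an offline attack on a fast, unsalted hash) are assumptions chosen for this example. The “years to crack” figure swings by many orders of magnitude between those two rates, which is why any single figure, such as the 50 years quoted above, needs its assumed guessing rate stated.

```python
import math

# Assumed parameters for this added example (not figures from the article):
# a Diceware-style list of 7,776 words, 95 printable ASCII characters, and two
# attacker speeds: a throttled online login form and an offline GPU rig
# attacking a fast, unsalted hash.
WORDLIST_SIZE = 7776
PRINTABLE_ASCII = 95
ONLINE_GUESSES_PER_SECOND = 1e3
OFFLINE_GUESSES_PER_SECOND = 1e10
SECONDS_PER_YEAR = 365.25 * 24 * 3600


def passphrase_entropy_bits(num_words: int, wordlist_size: int = WORDLIST_SIZE) -> float:
    """Entropy of num_words chosen uniformly and independently from the wordlist.

    Only holds for words picked at random (dice, a CSPRNG); a lyric or a
    sentence you make up yourself is far more predictable than this formula says.
    """
    return num_words * math.log2(wordlist_size)


def password_entropy_bits(length: int, charset_size: int = PRINTABLE_ASCII) -> float:
    """Entropy of a password whose every character is chosen uniformly at random."""
    return length * math.log2(charset_size)


def expected_crack_years(entropy_bits: float, guesses_per_second: float) -> float:
    """Average time to find the secret: the attacker searches half the keyspace."""
    expected_guesses = 2 ** (entropy_bits - 1)
    return expected_guesses / guesses_per_second / SECONDS_PER_YEAR


# Common 'leetspeak' substitutions. Cracking tools apply rules like these to a
# dictionary, so Pa55w0rd is only a handful of guesses away from 'password'.
LEET_TO_PLAIN = {
    "0": "o", "1": "i", "3": "e", "4": "a", "5": "s",
    "7": "t", "@": "a", "$": "s", "!": "i",
}

# Constructed mini-dictionary standing in for a real cracking wordlist.
DICTIONARY = {"password", "letmein", "welcome", "summer", "monkey"}


def is_mangled_dictionary_word(candidate: str, dictionary=DICTIONARY) -> bool:
    """True if undoing leet substitutions and lower-casing yields a dictionary word.

    This models one cracking rule only; pure digit sequences such as 12345 are
    caught by other rules (and by leaked-password lists), not by this one.
    """
    plain = "".join(LEET_TO_PLAIN.get(ch, ch) for ch in candidate).lower()
    return plain in dictionary


if __name__ == "__main__":
    candidates = {
        "4 random words": passphrase_entropy_bits(4),
        "8 random printable chars": password_entropy_bits(8),
        "12 random printable chars": password_entropy_bits(12),
    }
    print(f"{'scheme':28s} {'bits':>6s} {'online (years)':>16s} {'offline (years)':>16s}")
    for name, bits in candidates.items():
        online = expected_crack_years(bits, ONLINE_GUESSES_PER_SECOND)
        offline = expected_crack_years(bits, OFFLINE_GUESSES_PER_SECOND)
        print(f"{name:28s} {bits:6.1f} {online:16.3g} {offline:16.3g}")

    for pw in ("Pa55w0rd", "P@$$w0rd", "ColdSaucerBlackTea"):
        verdict = "dictionary word + rule" if is_mangled_dictionary_word(pw) else "not in this rule's reach"
        print(f"{pw:20s} -> {verdict}")
```

The entropy of four random words (about 51.7 bits) and of eight random printable characters (about 52.6 bits) comes out almost identical; the difference is that the words can be remembered without a sticky note. The same 51.7 bits survive for tens of thousands of years against a throttled online attack but only days against an offline attack at 10 billion guesses a second, so the hashing on the server side (slow, salted hashes) matters as much as the password itself.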
A decent solution in the meantime.
Of course, you can also just use a password manager, which generates random passwords for you and stores them all in an encrypted vault. And, would you believe it, we just happen to have some of the best password managers available for download right here on FileHippo. Yay!