Everything you’ve ever been told about creating strong passwords is wrong


All of the advice you have received for more than a decade about creating passwords is wrong, according to the guy who wrote the rulebook on passwords.

Bill Burr, who wrote a guide to creating passwords in 2003 while at the National Institute of Standards and Technology, has said that if you follow the guide today you are likely to be vulnerable to hacking.

“Much of what I did I now regret,” Burr told the Wall Street Journal.

The eight-page guide, titled ‘NIST Special Publication 800-63. Appendix A’, suggested that in order to beef up your online security you must create a new password every 90 days and that it must include a combination of upper- and lower-case letters, numbers and special characters.

However, Burr says that following this advice has led people to make the same predictable changes or to use the same types of password, which are easy for others to guess.

For example, something like “Pa55word!” follows Burr’s guidelines but isn’t very secure and is very easy to guess.

Now the National Institute of Standards and Technology has set more modern guidelines, which say passwords should be long and easy to remember and should only be changed if you think they have been compromised.

Instead of creating a password, opt for a passphrase that can be long but easy to remember.
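As an added illustration (not from the article or from NIST's own text), the Python below puts the two approaches side by side: a 2003-style composition rule accepts “Pa55word!”, while a length-based check that undoes predictable substitutions and compares the result against a small constructed list of common passwords rejects it and accepts a plain four-word passphrase. The comparison against known common passwords is what the current SP 800-63B text asks verifiers to do; the eight-character minimum, the substitution table and the sample list here are assumptions for the example.

```python
import re
import string

# Constructed sample of commonly used passwords. A real verifier would compare
# against a large list of known-breached/common values, as SP 800-63B requires.
COMMON_PASSWORDS = {"password", "123456", "qwerty", "letmein", "welcome", "iloveyou"}

# Predictable substitutions people use to satisfy complexity rules (assumed table).
LEET = str.maketrans("54301@$!", "saeoiasi")


def meets_2003_rules(pw: str) -> bool:
    """The composition rule criticised in the article: at least 8 characters
    with upper case, lower case, a digit and a special character."""
    return (len(pw) >= 8
            and re.search(r"[a-z]", pw) is not None
            and re.search(r"[A-Z]", pw) is not None
            and re.search(r"[0-9]", pw) is not None
            and re.search(r"[^A-Za-z0-9]", pw) is not None)


def normalize(pw: str) -> str:
    """Reduce a password to the dictionary word it is probably built from:
    lower-case it, drop trailing digits/punctuation, undo leet substitutions."""
    return pw.lower().rstrip(string.digits + string.punctuation).translate(LEET)


def meets_modern_rules(pw: str, min_len: int = 8) -> tuple[bool, str]:
    """Length-based check in the spirit of the newer NIST guidance: no
    composition requirements, but reject short secrets and anything that is
    a trivial variant of a commonly used password."""
    if len(pw) < min_len:
        return False, "too short"
    if normalize(pw) in COMMON_PASSWORDS:
        return False, "variant of a commonly used password"
    return True, "ok"


def compare(pw: str) -> dict:
    """Evaluate one candidate under both policies."""
    ok, reason = meets_modern_rules(pw)
    return {"password": pw, "old_policy": meets_2003_rules(pw),
            "new_policy": ok, "reason": reason}


if __name__ == "__main__":
    for candidate in ("Pa55word!", "P@ssw0rd123", "horse",
                      "sandwich harbour lantern violin"):
        print(compare(candidate))
```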

“In the end, it was probably too complicated for a lot of folks to understand very well, and the truth is, it was barking up the wrong tree,” Burr said.

Of course, you could use a password manager to manage your passwords and help you create long, cryptographically secure ones, but you will still need a master password that is both very secure and easy for you to remember.

