CYBERSECURITY
image

Business Insider

The guy responsible for making passwords such a pain now says he was wrong

Author of the rules that changes are more predictable when passwords are updated regularly

PUBLISHED : Tuesday, 08 August, 2017, 1:19pm
UPDATED : Tuesday, 08 August, 2017, 1:22pm

By Becky Peterson

If you’ve ever wracked your brain trying to think up a password with the requisite mix of numbers, exclamation marks and other special characters, we’ve got news for you:

You’re doing it wrong. 

Mind you, it’s not your fault. Security best-practice guidelines going back more than a decade have recommended resetting passwords every 90 days and creating cryptic strings of characters, rather than easy-to-remember words, as the ideal password strategy. 

But according to a report in the Wall Street Journal on Monday, the person responsible for this has had a change of mind.  

“Much of what I did I now regret,” Bill Burr, the 72-year-old author of the annoyingly familiar password rules, told The Wall Street Journal.

Burr’s guidelines — first published in 2003 — suggested that to optimise security, passwords must be reset every 90 days, and contain a mix of an uppercase letter, number, and special character. Most passwords, by necessity, look something like this: Password1!. 

Burr told the Journal that most people make the same, predictable changes — such as switching from a 1 to a 2 — which makes it easy for hackers to guess. 

Now the National Institute of Standards and Technology has set new guidelines. Passwords should be long and easy-to-remember, and only need to be changed when there is sign of a breach. Long pass phrases work better because they can be super long and still easy to memorise.

While Burr’s candor is refreshing — considering all of the frustrating password reset emails he’s inadvertently responsible for — he’s not the first person to discredit the 2003 guidelines.

Last August, the Federal Trade Commission’s chief technologist, Lorrie Cranor, busted the myth, telling a security conference essentially the same thing: periodic changes make passwords less secure. 

Long live the universal password! 

See Also:
This is the work bag professional women everywhere have been looking for
Nine details you might have missed on the latest 'Game of Thrones' episode
'Game of Thrones' pulls off one of its greatest episodes in the shortest of time

Read the original article at Business Insider