bodyType

customContents

entityId

entityUuid

articlePageQuery

filter

article

articleBaseAdvertisingInfoArticle

articleListArticle

articleSeoArticle

helpersCheckIsPostiesArticle

hooksArticleAcknowledgementGateOverlayArticle

hooksTrackPageViewArticle

hooksContentInterestArticle

articleLinkingDataContent

hooksAmpRedirectArticle

articleSchemaContent

liveArticle

advertZone

sentiment

contentLock

topics

types

sections

moreOnThisArticles

urlAlias

commentCount

authorLocations

authors

corrections

sponsorType

displaySlideShow

multimediaEmbed

printHeadline

seriesContainer

socialHeadline

headline

flag

firstTopic

glossary

flattenTypeIds

publishedDate

additionalInfoBoxes

quizIds

images

image

relatedLinks

relatedNewsletters

__typename

createdDate

sponsor

paywallTypes

pdfFiles

seriesReverseOrder

series

disableOffPlatformContent

published

updatedDate

summary

subHeadline

body

keywords

readingTime

customTimezone

liveContents

Business Insider

By Becky Peterson
If you’ve ever wracked your brain trying to think up a password with the requisite mix of numbers, exclamation marks and other special characters, we’ve got news for you:
You’re doing it wrong. 
Mind you, it’s not your fault. Security best-practice guidelines going back more than a decade have recommended resetting passwords every 90 days and creating cryptic strings of characters, rather than easy-to-remember words, as the ideal password strategy. 
But according to a report in the Wall Street Journal on Monday, the person responsible for this has had a change of mind.  
“Much of what I did I now regret,” Bill Burr, the 72-year-old author of the annoyingly familiar password rules, told The Wall Street Journal.
Burr’s guidelines — first published in 2003 — suggested that to optimise security, passwords must be reset every 90 days, and contain a mix of an uppercase letter, number, and special character. Most passwords, by necessity, look something like this: Password1!. 
Burr told the Journal that most people make the same, predictable changes — such as switching from a 1 to a 2 — which makes it easy for hackers to guess. 
Now the National Institute of Standards and Technology has set new guidelines. Passwords should be long and easy-to-remember, and only need to be changed when there is sign of a breach. Long pass phrases work better because they can be super long and still easy to memorise.
While Burr’s candor is refreshing — considering all of the frustrating password reset emails he’s inadvertently responsible for — he’s not the first person to discredit the 2003 guidelines.
Last August, the Federal Trade Commission’s chief technologist, Lorrie Cranor, busted the myth, telling a security conference essentially the same thing: periodic changes make passwords less secure. 
Long live the universal password! 
See Also:
This is the work bag professional women everywhere have been looking for
Nine details you might have missed on the latest 'Game of Thrones' episode
'Game of Thrones' pulls off one of its greatest episodes in the shortest of time
Read the original article at Business Insider


Bezos’ Washington Post scraps ad calling for Trump to ‘fire Elon Musk’ from print editions

From Thailand’s ‘Ghost Tower’ to Pyongyang’s ‘Hotel of Doom’: Asia’s abandoned skyscrapers

Brutal, ‘brave’ and unrelenting: the North Korean troops fighting Ukraine

Trump, Musk highlighted in Ben & Jerry’s suit against Unilever over social mission interference

The guy responsible for making passwords such a pain now says he was wrong

Photo: Shutterstock

Tech

Author of the rules that changes are more predictable when passwords are updated regularly
