The worst part of creating an online account is having to adhere to those obnoxious password rules: capitalize this, lowercase that, have these special characters, but not those. Once you figure out the riddle, you’re typically left with a phrase that’s impossible to remember. If it’s any consolation, at least you know you’ll be safe from hackers, right? Not a chance.
It turns out, the guy who invented those password rules almost 15 years ago now admits he got it all wrong. Former National Institute of Standards and Technology (NIST) manager Bill Burr—the man who wrote the gospel on password management back in 2003—feels guilty for misleading people.
“Much of what I did I now regret,” Burr told the Wall Street Journal. “In the end, it was probably too complicated for a lot of folks to understand very well, and the truth is, it was barking up the wrong tree.”
It’s OK to be angry, but don’t put all the blame on Burr. The fact that we blindly follow rules created 15 years ago—before we knew much about cybersecurity and the dangers we face today—is simply irresponsible. Not to mention the carelessness of some people, as made evident by the terrible passwords that top “most common passwords” lists every year, with gems like “123456” and “password.” Some of Burr’s suggestions, like using uncommon words that are a minimum of eight characters long, should still be considered today.
In fact, the new rules for creating a strong password focus on passphrases instead of a random string of characters and letters. A NIST guide published in June recommends using at least 64 characters in a password, and forgetting about numbers and special characters. For example, “passwordisnotagoodpassword” is much better than using “[email protected]$$word1.”
The idea is that a short string of hard-to-remember characters is much easier for a hacker to figure out than a long phrase, like your favorite lyric or quote, because the short string has fewer possible character combinations to search through.
The suggestions Burr made, and now regrets, came from his “NIST Special Publication 800-64. Appendix A” guide. They are still being used as online password requirements by almost every company, from online banking to social media registration.
Consider a system that:
- used a minimum of 8 character passwords, selected by subscribers from an alphabet of 94 printable characters,
- required subscribers to include at least one upper case letter, one lower case letter, one number and one special character, and
- used a dictionary to prevent subscribers from including common words and prevented permutations of the username as a password.
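The sketch below is an added example, not code from the article or from NIST. It counts how many passwords the system listed above can produce, with and without the composition rule, and compares that with a 26-letter lowercase phrase such as “passwordisnotagoodpassword”. It assumes every character is chosen uniformly at random, which is an upper bound for phrases people pick themselves; the function names and the sample dictionary are constructed, and "permutation of the username" is read as an anagram.

```python
import math
import string
from itertools import combinations

# The 94 printable ASCII characters (no space), split into the four required classes.
CLASSES = {"upper": string.ascii_uppercase, "lower": string.ascii_lowercase,
           "digit": string.digits, "special": string.punctuation}
ALPHABET = sum(len(c) for c in CLASSES.values())  # 26 + 26 + 10 + 32 = 94

def unrestricted(length, alphabet=ALPHABET):
    """Number of strings of this length with no composition rule."""
    return alphabet ** length

def with_composition_rule(length):
    """Strings holding at least one character of every class (inclusion-exclusion)."""
    sizes = [len(c) for c in CLASSES.values()]
    total = 0
    for k in range(len(sizes) + 1):
        for excluded in combinations(sizes, k):
            total += (-1) ** k * (ALPHABET - sum(excluded)) ** length
    return total

def bits(count):
    """Search space expressed in bits."""
    return math.log2(count)

def meets_policy(password, username, dictionary):
    """Check the listed rules; 'permutation of the username' is read as an anagram."""
    if len(password) < 8:
        return False
    if not all(any(ch in chars for ch in password) for chars in CLASSES.values()):
        return False
    lowered = password.lower()
    if any(word in lowered for word in dictionary):
        return False
    return sorted(lowered) != sorted(username.lower())

if __name__ == "__main__":
    common = {"password", "123456"}  # constructed sample dictionary
    print(f"8 chars, 94 symbols, no rule : {bits(unrestricted(8)):.1f} bits")
    print(f"8 chars, 94 symbols, rule    : {bits(with_composition_rule(8)):.1f} bits")
    print(f"26 lowercase letters         : {bits(unrestricted(26, 26)):.1f} bits")
    print(meets_policy("Password1!", "alice", common))  # rejected: dictionary word
```

The composition rule shrinks the 8-character search space rather than enlarging it, because every string missing one of the four classes is excluded from what a defender's users can choose.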
H/T The Age
Phillip Tracy is a former technology staff writer at the Daily Dot. He's an expert on smartphones, social media trends, and gadgets. He previously reported on IoT and telecom for RCR Wireless News and contributed to NewBay Media magazine. He now writes for Laptop magazine.