scorecard
  1. Home
  2. Enterprise
  3. The guy responsible for making passwords such a pain now says he was wrong

The guy responsible for making passwords such a pain now says he was wrong

Becky Peterson   

The guy responsible for making passwords such a pain now says he was wrong
Enterprise2 min read

passwords are like pants

parmiter/flickr user

Turns out, passwords are not like pants.

If you've ever wracked your brain trying to think up a password with the requisite mix of numbers, exclamation marks and other special characters, we've got news for you:

You're doing it wrong.

Mind you, it's not your fault. Security best-practice guidelines going back more than a decade have recommended resetting passwords every 90 days and creating cryptic strings of characters, rather than easy-to-remember words, as the ideal password strategy.

But according to a report in the Wall Street Journal on Monday, the person responsible for this has had a change of mind.

"Much of what I did I now regret," Bill Burr, the 72-year-old author of the annoyingly familiar password rules, told The Wall Street Journal.

Burr's guidelines - first published in 2003 - suggested that to optimize security, passwords must be reset every 90 days, and contain a mix of an uppercase letter, number, and special character. Most passwords, by necessity, look something like this: Password1!.

Burr told the Journal that most people make the same, predictable changes - such as switching from a 1 to a 2 - which makes it easy for hackers to guess.

Now the National Institute of Standards and Technology has set new guidelines. Passwords should be long and easy-to-remember, and only need to be changed when there is sign of a breach. Long pass phrases work better because they can be super long and still easy to memorize.

While Burr's candor is refreshing - considering all of the frustrating password reset emails he's inadvertently responsible for - he's not the first person to discredit the 2003 guidelines.

Last August, the Federal Trade Commission's chief technologist, Lorrie Cranor, busted the myth, telling a security conference essentially the same thing: periodic changes make passwords less secure.

Long live the universal password!

NOW WATCH: The biggest mistake everyone makes when eating steak, according to Andrew Zimmern

READ MORE ARTICLES ON


Advertisement

Advertisement