Published: Thu, August 10, 2017
Hi-Tech | By Joan Schultz

Password advice changes, made easier to follow

Password advice changes, made easier to follow

The man who drew up widely-used password rules that are now regarded as wrong regrets ever having created them.

Recently, the original rules guide from the National Institute of Science and Technology of America, which Bill Burr wrote, has been updated and eliminated most of the old guidelines.

"Much of what I did I now regret", Burr told The Wall Street Journal in an interview. The paper, memorably titled "NIST Special Publications 800-63", became the benchmark, its diktats followed by government agencies, corporations, universities and individuals. Instead, he says people should find longer passwords made of words or phrases that are easy to remember.

Australia Finds Missing US Aircraft
Marine aircraft submerged after it crashed, killing three service members off the country's eastern coast, officials said Monday. U.S. military aircraft and boats scoured ocean waters off Australia searching without success for the three missing Marines.

Today, however, Burr has acknowledged that it could actually make it easier for hackers to steal passwords, contrary to common believes.

"In any event, people wound up with a bunch of fairly complicated rules as a result of that, and relatively short password change intervals in their systems, and I say the net result is to drive people insane and to get them to do dumb things, which don't improve their security at all", he said.

Hackers rely on "brute force" cyber attacks as computers cycle through every possible combination of characters to guess a password. In what could be a prime case for "too little, too late", Burr now says that he's sorry for putting us all through password hell. We hope that with more publicity about how risky it is to use weak passwords, more people will take steps to strengthen their passwords and, most importantly, use different passwords for different websites.

What Are Sea Lice? Culprit of Australian Boy's Leg Wounds Explained
But when he got out of the sea he discovered he was bleeding profusely from the calves down. He added that people should not be so concerned.

Mr. Burr recalled how his guidelines for digital security came not from experience, but from heavy research on the limited material that was available at the time.

We have all heard the recommendations: Use complicated passwords.

The better solution could be to simply use a password with four random words, because the number of letters can be more hard to hack than a small combination of letters and special characters, the Journal reports. "The rules make it harder for you to remember what your password is", she said. According to the WSJ, this calculation checks out with security experts.

Powerball results for 08/05/17; did anyone win the $287M jackpot?
Tickets sold in California, Florida and Tennessee each won a share of that world-record setting jackpot on January 13, 2016. Tickets for Friday night's Mega Millions drawing cost $1 per game to play and may be purchased up until 10:45 p.m.

London-based IT security expert Kevin Wharram said: 'You shouldn't have to keep changing your password'. His definitive work recommended random characters, letters, numbers, caps, casing, a mishmosh that the user not only had to remember (or remember where they'd recorded it) but had to, per his '03 recommendation, change each month into another nonsensical string of random characters and letters.

Like this: