Guy Who Wrote the Book on Passwords: I Was Wrong

Geronimo Vena
August 8, 2017

All of the advice you have received for more than a decade about creating passwords is wrong, according to the guy who wrote the rulebook on passwords.

Bill Burr, a manager at the National Institute of Standards and Technology (NIST), wrote a password primer in 2003 that recommended many of the rules we still follow today: special characters, capitals and numbers.

"Much of what I did I now regret", Burr, now 72 and retired, told the Wall Street Journal in an interview.

About 15 years ago, Burr authored the document known as "NIST Special Publication 800-63". Its 2003 password guidelines, while not necessarily bad ideas in themselves, led people to fall into many of the same patterns when crafting passwords as the guidelines spread, giving a false sense of security while handing attackers easy patterns to crack.

What's more, the new advice says people shouldn't change their passwords unless informed of a specific threat of a hack.

Likewise, Burr's suggestion of changing passwords relatively frequently likely did little more than push users into lazy password habits rather than crafting something that is actually hard to crack.
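To make the article's point concrete, here is an added example (not from the article, and not NIST's code) that contrasts a 2003-style composition check with a check based on length plus a blocklist, which is the kind of policy the newer guidance favors. The blocklist and the substitution table are constructed for illustration; a real deployment would load a large list of known-compromised passwords.

```python
import re

# Constructed blocklist standing in for a real compromised-password list.
BLOCKLIST = {"password", "welcome", "letmein", "qwerty", "summer"}

# Predictable "leetspeak" swaps that composition rules nudged users toward.
SUBSTITUTIONS = str.maketrans({"@": "a", "0": "o", "1": "i", "3": "e", "$": "s"})


def passes_2003_style_rules(pw: str) -> bool:
    """Old-style composition policy: 8+ chars with upper, lower, digit and symbol."""
    return (
        len(pw) >= 8
        and any(c.isupper() for c in pw)
        and any(c.islower() for c in pw)
        and any(c.isdigit() for c in pw)
        and any(not c.isalnum() for c in pw)
    )


def normalize(pw: str) -> str:
    """Undo the predictable tweaks a composition policy encourages: capital
    letters, a trailing digit or symbol, and leetspeak substitutions. What is
    left is the dictionary word the user actually started from."""
    stripped = re.sub(r"[\d\W_]+$", "", pw.lower())
    return stripped.translate(SUBSTITUTIONS)


def passes_length_and_blocklist(pw: str, min_len: int = 12) -> bool:
    """Newer-style policy: a minimum length and a blocklist check, with no
    composition rules, so a plain passphrase is allowed."""
    return len(pw) >= min_len and normalize(pw) not in BLOCKLIST


if __name__ == "__main__":
    # "P@ssw0rd1" satisfies every 2003-style rule yet normalizes to "password".
    for candidate in ("P@ssw0rd1", "three quiet lamps on a shelf"):
        print(
            f"{candidate!r}: composition rules={passes_2003_style_rules(candidate)}, "
            f"length+blocklist={passes_length_and_blocklist(candidate)}"
        )
```

The composition-rule password passes the old check and fails the new one, while the long lowercase passphrase does the opposite.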

Of course, you could use a password manager to manage your passwords and help you create long and cryptographically secure ones, but you will still need to create a master password that is very secure and that you can easily remember.

