IT expert regrets complex password advice

Bruno Cirelli
August 13, 2017

Bill Burr (no, not the comedian), now retired, was a manager at NIST (National Institute of Standards and Technology) who recommended this system in 2003 in a document that was then adopted by everyone and his motherboard.

The passwords, he suggested, could include these three elements by substituting symbols and digits for letters. For example, "password" could become "pa$$w0rd".

In an interview with The Wall Street Journal, Burr said, "Much of what I did I now regret."

Part of the problem, Burr explained, is that when people change their password after 30 days they often just alter one character - which is relatively easy for hackers to work out.

Burr is not alone in having a change of heart.

Security experts have regularly reiterated in the wake of various cyber attacks that password security remains one of the industry's biggest issues.

Short passwords with random characters are much quicker for computers to crack than longer passwords or passphrases which are not as randomly composed.

"People have started to say 'look, you're making passwords too difficult'," he said.

"If you talk to most people they're still surprised to hear you say 'don't use complex passwords and don't change them that often', because it feels instinctively right to do that." But this will protect you against dictionary attacks and against those who guess, or who run algorithms that constantly try to crack your password.

So, do you plan on changing your password now? Adding artificial password restrictions produced less secure passwords. "You just keep the log book safe at home." This is instead of numbers and characters.

They also, smartly, recommend that passwords are compared against a list of known breached passwords.
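
An added example, not part of the original article, of a password-change check that follows the points made here: it favours length over composition rules, undoes common symbol and digit substitutions before looking a candidate up in a breached list, and rejects a new password that differs from the old one by a single character. The substitution table, the 12-character minimum, the tiny breached set and all function names are assumptions constructed for illustration.

```python
# Constructed substitution table: symbol/digit -> the letter it usually replaces.
LEET = str.maketrans({"$": "s", "0": "o", "@": "a", "1": "l",
                      "3": "e", "!": "i", "5": "s", "7": "t"})

# Constructed stand-in for a real corpus of known breached passwords.
BREACHED = {"password", "letmein", "qwerty", "dragon"}

MIN_LENGTH = 12  # assumed minimum for this example; the article gives no figure


def normalise(pw):
    """Lower-case the candidate and undo common symbol/digit substitutions."""
    return pw.lower().translate(LEET)


def edit_distance(a, b):
    """Levenshtein distance between two strings, computed row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete from a
                           cur[j - 1] + 1,             # insert into a
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]


def check_new_password(new, old=""):
    """Return the reasons a candidate is rejected; an empty list means accepted."""
    problems = []
    if len(new) < MIN_LENGTH:
        problems.append("too short")
    # "pa$$w0rd" normalises to "password", so the substitutions add nothing.
    if normalise(new) in BREACHED:
        problems.append("matches breached password")
    # The old password is available in clear only at change time, when the user types it.
    if old and edit_distance(new, old) <= 1:
        problems.append("one character from old password")
    return problems


if __name__ == "__main__":
    print(check_new_password("pa$$w0rd"))
    print(check_new_password("correct horse battery staple2",
                             "correct horse battery staple1"))
    print(check_new_password("purple kettle on the stairs", "pa$$w0rd"))
```

Note that the check sets no rule about upper case, digits or symbols: a long passphrase passes on length alone, while the substituted "pa$$w0rd" fails twice.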

The advice above is starkly different to that given at the turn of the millennium.

The advice in Burr's document that passwords should be made up of irregular capitalization, numbers and special characters was widely accepted in every sector, including government, education and banking.

The character sets it recommended selecting from were: upper case letters; lower case letters; numbers; special characters such as $, ? and &; and alternative characters such as µ, £, Æ.
