February 18, 2018

Everything you've ever been told about creating strong passwords is wrong

10 August 2017, 12:28 | Rudolph Thomas

The man responsible for most of your password headaches was wrong, and he's sorry

"As well as people checking passwords they themselves may have used, I'm envisaging more tech-savvy people using this service to demonstrate a point to friends, relatives and co-workers: 'you see, this password has been breached before, don't use it!'"

"I regret much of what I did (...)". The researchers say that they initially expected that they would only need to do a light edit of Burr's work, but the team ended up completely starting from scratch and cutting out many outdated password rules.

Good advice is to make a long but memorable "passphrase", the new rules state.

Bill Burr was a manager at the National Institute of Standards and Technology in 2003 when he created a guide on how to create passwords that were more secure than your average version.

Here's hoping websites catch on fast. An O becomes a zero, a 1 becomes an exclamation point, and now you have what looks like an impossible-to-crack password. But such passwords turn out to be more easily cracked than you might imagine. Change your password every 90 days? Changing Pa55word!1 to Pa55word!2 doesn't keep the hackers at bay.

The man whose advice compelled the world to choose complex passwords - with capital letters, numbers and special characters - has admitted he was 'barking up the wrong tree'.

Speaking to the Wall Street Journal, Mr Burr said: "Much of what I did I now regret".

Those guidelines have since been updated, but Burr's advice has spread over the last decade and become nearly ubiquitous.

While my experience is anecdotal, there has reportedly been a measurable decline in user engagement and usage due to onerous and, it turns out, ultimately ineffective and needlessly extravagant password requirements. "Appendix A", brought out in 2003, which listed the standard rules for setting passwords, has been revised, and a new edition has been brought out that proves the previous ways of setting passwords wrong.

All the rules you've ever known about coming up with a password have been thrown out the door. And then they eventually find something and then they just write it down. He also said people should change their passwords regularly. "It just doesn't make sense".

Experts now believe long passwords that contain perhaps four words are much harder to break than shorter ones with a mix of letters, characters and numbers. It would actually take 550 years for a computer to decode a phrase like "correct horse battery staple", cartoonist Randall Munroe calculated, and only three days to decode "Tr0ub4dor&3", at 1000 guesses per second.
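The two weaknesses described above (character swaps on a common word, and "rotating" a password by bumping its last digit) can be caught by a simple server-side check. The following Python sketch is an added example, not part of the original article: the word list is a constructed stand-in for a real breached-password corpus, the function names are hypothetical, and the 28-bit and 44-bit entropy estimates used in the usage note come from Munroe's comic rather than from this page.

```python
import re
from typing import List, Optional

# Constructed stand-in for a breached/common password list (assumption).
COMMON_WORDS = {"password", "troubador", "letmein"}

# Reverse the character swaps the article describes (O -> 0 and similar).
UNLEET = str.maketrans("0134578@$!", "oleastbasi")


def base_word(password: str) -> str:
    """Strip the decoration users add to satisfy composition rules."""
    core = re.sub(r"[\W\d_]+$", "", password.lower())  # drop trailing digits/symbols
    core = core.translate(UNLEET)                       # undo character swaps
    return re.sub(r"[^a-z]", "", core)                  # keep letters only


def review_password(new: str, old: Optional[str] = None) -> List[str]:
    """Return the reasons a candidate should be rejected (empty list = accept)."""
    problems = []
    if base_word(new) in COMMON_WORDS:
        problems.append("decorated common word")
    if old is not None and base_word(new) == base_word(old):
        problems.append("trivial change from previous password")
    return problems


def time_to_exhaust(bits: float, guesses_per_second: float = 1000) -> float:
    """Seconds needed to try every candidate in a 2**bits search space."""
    return 2 ** bits / guesses_per_second


if __name__ == "__main__":
    for candidate, previous in [("Pa55word!2", "Pa55word!1"),
                                ("Tr0ub4dor&3", None),
                                ("correct horse battery staple", None)]:
        print(candidate, "->", review_password(candidate, previous) or "accepted")
    print("28 bits:", round(time_to_exhaust(28) / 86400, 1), "days")
    print("44 bits:", round(time_to_exhaust(44) / (86400 * 365)), "years")
```

At 1000 guesses per second, the comic's 28-bit estimate for "Tr0ub4dor&3" works out to about three days and its 44-bit estimate for the four-word passphrase to roughly 550 years, matching the figures quoted above.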
