Password Expert Regrets Complex Password Advice

Today, 14 years after it was published, the man who created the rules for a secure password admitted he was completely mistaken.

"Much of what I did I now regret", said Burr of his past work.

That eight-page document "NIST Special Publication 800-63".

The new guidelines state that a long, easy-to-remember phrase is more effective than a shorter password with odd characters.

He says, for example, that users who did follow guidelines and change their password had a habit of only implementing slight changes that did nearly nothing to improve security.

Bill Burr, a former manager at the National Institute of Standards and Technology (NIST), put the rules together in 2003. People are now being advised to use long but easy-to-remember 'passphrases' that do not necessarily feature special characters or numbers. "It just drives people bananas and they don't pick good passwords no matter what you do".

Hackers rely on "brute force" cyber attacks as computers cycle through every possible combination of characters to guess a password.

As a result, that would then prompt us to instead use passwords like "P@ssw0rd" or "0DoyleRulz".

Burr now regrets these rules and says that he was wrong about them.

You've probably followed this go-to password strategy countless times online: a letter, number, at least one uppercase letter and a special character.

Bill Burr was working for the U.S. government when he came up with the guidelines in 2003. This technology combines the convenience of a contactless sensor with biometric security, and uses image recognition and optical technology to scan the normally invisible vein pattern of the palm.

A far better approach than telling people to use complex passwords is to advise them to classify the systems to which they need to secure access. And if an account is still making you update your password regularly, know that it is a complete waste of your time.

For instance, "Tr0ub4dor&3" could take just three days to crack, according to one viral comic whose assertions have been verified by security researchers, while "CorrectHorseBatteryStaple" could take 550 years. In theory the best passwords look like complete gibberish, but they're obviously harder to commit to memory.

The new guidelines did away with recommending periodic password changes and password complexity requirements, while introducing a requirement to check that new passwords aren't compromised or commonly used, like "1234567" or "password", which always turn up in breaches as the most common secrets.
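The difference between the two policies, as an added example that is not part of the original article: a 2003-style composition rule next to a length-plus-blocklist check of the kind the revised guidance describes. The blocklist entries are a constructed sample, and the minimum length of 8 and the case-insensitive lookup are assumptions, not figures from the article.

```python
import re

# Constructed sample blocklist; a real deployment would load a large
# corpus of breached and commonly used passwords instead.
BLOCKLIST = {"1234567", "password", "p@ssw0rd", "qwerty123"}
MIN_LENGTH = 8  # assumed minimum length; the article gives no figure


def legacy_composition_ok(pw: str) -> bool:
    """2003-style rule: lowercase, uppercase, digit and special character."""
    return (len(pw) >= MIN_LENGTH
            and re.search(r"[a-z]", pw) is not None
            and re.search(r"[A-Z]", pw) is not None
            and re.search(r"\d", pw) is not None
            and re.search(r"[^A-Za-z0-9]", pw) is not None)


def revised_check(pw: str) -> list[str]:
    """Revised rule: length plus blocklist, no composition requirement.

    Returns the list of rejection reasons; an empty list means accepted.
    The lookup is case-insensitive (an assumption of this example).
    """
    reasons = []
    if len(pw) < MIN_LENGTH:
        reasons.append("too short")
    if pw.lower() in BLOCKLIST:
        reasons.append("commonly used or compromised")
    return reasons


def compare(candidates):
    """Return (password, legacy verdict, revised verdict) rows."""
    return [(pw, legacy_composition_ok(pw), not revised_check(pw))
            for pw in candidates]


if __name__ == "__main__":
    for pw, legacy, revised in compare(
            ["P@ssw0rd", "1234567", "CorrectHorseBatteryStaple"]):
        print(f"{pw!r}: legacy={legacy} revised={revised}")
```

"P@ssw0rd" satisfies every composition rule yet is rejected by the blocklist, while the long passphrase fails the old rule only because it has no digit or symbol.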

