Man who invented P@$$w0rd guidelines regrets it
Anyone who has held a job that required a computer in the past decade and a half has been subjected to the tedious practice of having to change their password every 30 to 90 days. Then that password has to have an uppercase letter, a number, a symbol, an Egyptian hieroglyph, some ancient Sanskrit, your DNA sequence and that unpronounceable icon Prince used to use as his name. This came about thanks to one man. That man was Bill Burr, a former manager at the National Institute of Standards and Technology. He came up with these guidelines in 2003 in order to better protect government systems. These procedures spread out into the corporate world where they became gospel. Now the man behind the guidelines says not only does he regret these guidelines, but they are no longer effective.
Now it’s believed shorter passwords with these restrictions are easier to crack than longer passwords that are simple phrases. For example, a password along the lines of “safecommunityclassifieds” is harder to crack than “G33b0c0m”. (BTW, neither of those is used by Geebo.) The problem is that a lot of employers and online services still require you to use the restrictive password guidelines from 14 years ago. However, you can still use your personal passphrase with just a modicum of alteration to fit those requirements.
The other problem is the frequency with which some places require you to change your password. In a number of cases, users will alter their previous password by one digit or letter. If one of your old passwords were discovered and you had used one of these one-character changes, it would be an easy matter to determine your current password.
So again, it’s now recommended that you use a passphrase as your password, and you should only change it if there has been some kind of security breach. You can check the security of passwords at this website.
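The two problems described above can be checked when a password is changed. The following is an added example, not part of the original post: the function names and the 60-bit threshold are assumptions, and the bit count is only an upper bound for an attacker who tries every combination, since phrase-based guessing can do better.

```python
import math
import string

# Character classes used for a naive brute-force estimate.
CLASSES = [string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation]

def brute_force_bits(password: str) -> float:
    """Upper bound on guessing work, in bits, for an attacker who tries
    every string over the character classes the password draws from."""
    alphabet = sum(len(c) for c in CLASSES if any(ch in c for ch in password))
    return len(password) * math.log2(alphabet) if alphabet else 0.0

def within_one_edit(a: str, b: str) -> bool:
    """True if b equals a or differs by one substitution, insertion or deletion."""
    if abs(len(a) - len(b)) > 1:
        return False
    if len(a) > len(b):
        a, b = b, a                      # make a the shorter (or equal) string
    i = 0
    while i < len(a) and a[i] == b[i]:
        i += 1                           # skip the common prefix
    if len(a) == len(b):
        return a[i + 1:] == b[i + 1:]    # at most one substituted character
    return a[i:] == b[i + 1:]            # exactly one extra character in b

def check_change(current: str, new: str) -> list:
    """Return the reasons to reject a password change (empty list = accept)."""
    problems = []
    if within_one_edit(current.lower(), new.lower()):
        problems.append("new password is a one-character change of the current one")
    if brute_force_bits(new) < 60:       # threshold is an assumption
        problems.append("new password is too short for its character set")
    return problems

if __name__ == "__main__":
    # The two passwords from the post, plus a constructed rotation example.
    for pw in ("safecommunityclassifieds", "G33b0c0m"):
        print(pw, round(brute_force_bits(pw)), "bits")
    print(check_change("Summer2017!", "Summer2018!"))
```

The comparison uses the current password the user supplies during the change, so no old passwords need to be stored in readable form.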