It may be time to forget what you have been told previously about keeping your password-protected accounts secure.
For almost 15 years, the standing advice for creating a “strong” password has been to use an elaborate mixture of symbols, letters, and numbers. This advice originated from a guide that was written by Bill Burr, a manager at the National Institute of Standards and Technology (NIST).
The password primer, a delightful little instructional manual with the catchy name “NIST Special Publication 800-63A,” not only suggested that users create an elaborate password; it also recommended that it be changed every 90 days. These guidelines, written in 2003, have been the basis for security measures that have been giving employees headaches at businesses and government offices around the world.
Now the man who literally wrote the book on password security has changed his tune.
“In the end, it was probably too complicated for a lot of folks to understand very well, and the truth is, it was barking up the wrong tree,” Burr admits of his advice. New NIST standards were published in June and did away with much of Burr’s advice.
Experts now generally agree that long passwords that contain at least four words are much more difficult to break than shorter ones with a mix of numbers, symbols, and letters. For example, according to the new guidelines, instead of using a password such as “P@ssW0rd123!” it would be more secure to use one like “CorrectHorseBatteryStaple.” A random combination of actual words seems to be best.
As for Burr, the 72-year-old password guru tells The Wall Street Journal that, “Much of what I did I now regret.”
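The comparison between “P@ssW0rd123!” and a four-word passphrase can be checked in a few lines; this is an added example, not part of the original article or of NIST's text. The word lists, the substitution table, and the 7,776-word list size (the size of common dice-based word lists) are assumptions chosen for illustration.

```python
import math
import secrets

# Constructed sample data: tiny stand-ins for a real common-password list
# and a real passphrase word list (dice-based lists hold 7776 words).
COMMON_BASES = {"password", "welcome", "letmein", "qwerty"}
SAMPLE_WORDS = ["correct", "horse", "battery", "staple",
                "orbit", "candle", "maple", "tunnel"]

# Character swaps people use to satisfy "symbol and number" rules (assumed set).
LEET = str.maketrans({"@": "a", "4": "a", "0": "o", "1": "l",
                      "3": "e", "$": "s", "5": "s", "!": "i"})


def base_word(password: str) -> str:
    """Strip trailing digits/symbols, lowercase, then undo common swaps."""
    core = password.rstrip("0123456789!@#$%^&*?.")
    return core.lower().translate(LEET)


def is_predictable(password: str) -> bool:
    """True when the password is a common word wearing a disguise."""
    return base_word(password) in COMMON_BASES


def passphrase_bits(n_words: int, list_size: int) -> float:
    """Entropy in bits when every word is drawn uniformly at random."""
    return n_words * math.log2(list_size)


def new_passphrase(n_words: int = 4, words=SAMPLE_WORDS) -> str:
    """Build a passphrase with the OS CSPRNG. Words a person picks by hand
    do not earn the bits computed above; only random selection does."""
    return "".join(secrets.choice(words).capitalize() for _ in range(n_words))


if __name__ == "__main__":
    for pw in ("P@ssW0rd123!", "CorrectHorseBatteryStaple"):
        print(f"{pw!r}: base={base_word(pw)!r} predictable={is_predictable(pw)}")
    print(f"4 random words from 7776: {passphrase_bits(4, 7776):.1f} bits")
    print("sample (8-word demo list, too small for real use):", new_passphrase())
```

The strength of the passphrase comes from random selection out of a large list, so a phrase that has been published, including the one quoted above, should not be reused as an actual password.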