Man who created ‘PA$$Word’ guidelines was wrong


NEW YORK – Aug. 10, 2017 – Almost everyone now knows the standard advice for creating passwords: To keep your information secure, use complicated passwords filled with random numbers and symbols.

But the man who originally came up with those password guidelines now says he got it wrong.

Bill Burr, who first became an important voice in password security in 2003 while working for the government, says he now realizes that his original guidance may not keep passwords safer from hackers after all.

At the time, Burr, who issued what is considered the "bible" of passwords, advised using capital letters, numbers and non-alphabetic symbols – like aNDYrEALtor@miami – in passwords. He said that by making passwords difficult, users would keep their data more secure from hackers.

However, those complicated passwords appear ineffective now and haven't improved security, Burr says. In fact, he says the combinations may have even made computer systems less secure. Since they're harder for users to remember, people often end up using the same password repeatedly or writing their passwords down on sticky notes and attaching them to their screens.

Further, adding numbers or symbols to your passwords won't make them any less vulnerable to cyber attacks, he now says.

"Much of what I did, I now regret," Burr, who is now retired, told The Wall Street Journal. "In the end, it was probably too complicated for a lot of folks to understand very well, and the truth is, it was barking up the wrong tree."

He also said his advice to regularly change passwords was mistaken, because most people just alter one character (e.g., "username1" becomes "username2"), which does little to deter hackers.

Password guidelines originally issued by Burr from the National Institute for Science and Technology have since been updated. Users are now advised to use long but easy-to-remember "passphrases" – a string of a few words that they can remember with a visual. The password does not need to have special characters or numbers.

For example, a password like "horsecarrotsaddlestable" would take a much longer time for a cyber attack to decipher than "P@55w0rd," The Telegraph reports.
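To make the points above concrete, the following added example (not from the article or from NIST) shows a password-change check that flags substituted common words and one-character rotations, and compares the exhaustive-search cost of the two passwords quoted above. The word list, substitution map and `max_edits` threshold are assumptions constructed for illustration.

```python
import math

# Constructed for illustration: a tiny common-word list and substitution map.
COMMON_WORDS = {"password", "username", "welcome", "letmein"}
LEET = str.maketrans({"@": "a", "4": "a", "5": "s", "$": "s",
                      "0": "o", "3": "e", "1": "l", "!": "i"})

def normalize(pw):
    """Lowercase and undo the usual character substitutions."""
    return pw.lower().translate(LEET)

def is_disguised_common_word(pw):
    """True if stripping a trailing counter and undoing substitutions yields a common word."""
    return normalize(pw.rstrip("0123456789")) in COMMON_WORDS

def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def exhaustive_search_bits(pw):
    """Upper bound on guessing cost: length * log2(character pool size).
    Word lists and substitution rules make real attacks cheaper than this."""
    pool = (26 * any(c.islower() for c in pw) + 26 * any(c.isupper() for c in pw)
            + 10 * any(c.isdigit() for c in pw) + 33 * any(not c.isalnum() for c in pw))
    return len(pw) * math.log2(pool) if pool else 0.0

def review(new, old=None, max_edits=2):
    """Return policy findings for a proposed password. `old` is the current
    password as typed by the user during the change, never a stored copy."""
    findings = []
    if is_disguised_common_word(new):
        findings.append("common word with substitutions")
    if old is not None and edit_distance(normalize(old), normalize(new)) <= max_edits:
        findings.append("near-copy of previous password")
    return findings

if __name__ == "__main__":
    for new, old in [("P@55w0rd", None), ("username2", "username1"),
                     ("horsecarrotsaddlestable", "username1")]:
        print(f"{new!r}: {exhaustive_search_bits(new):.0f} bits, findings={review(new, old)}")
```

The bit counts are an upper bound for blind character-by-character guessing; the findings show why the substituted and rotated passwords fall far short of that bound in practice.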

Also, one of the best ways to protect yourself from hackers is to use two-factor authentication, which will send a unique code to a cellphone or email address to complete the logging-in process to a secure website, security experts say.

Source: "Password Guru Who Told the World to Make Them Complicated Admits: I Got It Completely Wrong," The Telegraph (Aug. 8, 2017)

© Copyright 2017 INFORMATION INC., Bethesda, MD (301) 215-4688  