Technology has created many wonders in our lives. And because it has become such a large part of our lives, we now often store sensitive and personal information on our technological devices (smartphones, computers, tablets, etc.). And in order to protect that information, we’ve created a password authentication process. For years we have needed to create passwords to protect our documents, photos and other personal information. And in 2003, Bill Burr, a manager at the National Institute of Standards and Technology (NIST), created a guidebook for password creation. But now he regrets it.
Essentially, Burr’s guidelines had suggested that we create incredibly complicated passwords in order to prevent any hackers or hacking software from breaking into our accounts or devices. These guidelines suggested that we create a new password regularly (roughly every 90 days or so) and that we use a series of numbers and lowercase and capital letters to fool would-be hackers. Unfortunately, as time has progressed and as new studies are being conducted, Burr has realized the error of his ways. These new studies suggest that the type of passwords that Burr suggested are actually not very safe. The NIST has found that using phrases for passwords is much harder to crack than alphanumeric words. And the suggestion about changing your password every 90 days? Wrong. Those same studies suggest that humans are less likely to drastically change their password each time they are asked to do so.
According to a report from Engadget, Burr stated his remorse for creating the guidlines that have plagued humanity for well over a decade stating, “Much of what I did I now regret.”
Fortunately, the NIST has finalized a new set of guidelines with the appropriate updates. The new guidelines include the aforementioned updates as well as the suggestion for IT departments to only force password changes in the event of a breach.
So, hopefully, for any of you who have gone to painstaking lengths to change your passwords up with a strange series of numbers, letters and symbols, you can now rest assured that soon you will be able to settle for a much less complicated password.