We've been writing passwords wrong for years

Mimi Launder
Sunday 13 August 2017 15:15
Science and Tech
Picture:(iStock/s-cphoto )

'Your password is not strong enough' is up there with 'unexpected item in the bagging area' as one of the most annoying phrases of the modern day.

This is all due to a set of guidelines from 2003, written by a guy who worked at the National Institute of Standards and Technology.

And that guy is now sorry.

Bill Burr's guidelines warned us to change our passwords every 90 days and use a variety of of characters.

Back then when the internet was in its relative infancy and everyone stuck to these guidelines without question.

But the man who wrote them now thinks they're gibberish - just like the elaborate passwords they encouraged us to dream up.

He told the Wall Street Journal:

Much of what I did I now regret.

Burr didn't have enough data on what made a successful password, leading his research astray.

He continued:

In the end, it was probably too complicated for a lot of folks to understand very well, and the truth is, it was barking up the wrong tree.

Instead, passwords should not rely on complexity but length - not only will this make them easier to remember, but harder to hack.

Hopefully websites will stop asking for unfeasibly complex passwords that demand numbers, capital letters and your firstborn child.

Not to worry, Burr - at least at entire generation will always remember their mother's maiden name, even if they do forget their passwords.

HT IFLScience, Wall Street Journal

More: 14 amazing iPhone features you probably had no idea about

Trending