CT BBB: Creating Safe Passwords Has Become Much Simpler

 

 
Cromwell, CT -- Existing recommendations for strong passwords were ill-conceived and not necessary, according to the man who developed password standards commonly used today by businesses, government agencies and consumers.
 
That man is Bill Burr, who wrote a white paper in 2003 for the National Institute of Standards and Technology (NIST). The recommendations were based upon the best information about hacking available at that time.
 
The existing standards for strong passwords recommend the use of a combination of upper and lower case letters, digits and symbols. Reflecting on his white paper, Burr, who is now retired, told the Wall Street Journal something technology experts did not expect. He says he got it wrong, and told the publication "Much of what I said, I now regret. I am sorry."
 
"Consumers find creating strong passwords tedious and complicated, and the passwords are difficult to remember," according to Connecticut Better Business Bureau spokesman Howard Schwartz. "That is likely why many consumers reuse the same password for multiple sites. The existing recommendations are old and based upon old outdated advice."
 
One publication did the math and came to the conclusion: Keep it simple.
                                     
"Tr0ub4dor&3" is considered to be a weak password that could be broken within as few as three days. By contrast, the second password, shown below, is a string of unrelated words, each beginning with an uppercase letter. No numerals or symbols are required.
 
Experts say "CorrectHorseBatteryStaple" could take 550 years to hack. It is composed of random, easily remembered words. That's what is considered to be the best practice right now.
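The math behind those two figures can be reproduced with a short script. This is an added example, not part of the original release; the guessing rate of 1,000 per second, the 28-bit and 44-bit strength estimates, the 2,048-word list size and the sample word list are assumptions that do not appear on this page.

```python
import math
import secrets

# Constructed 16-word sample list. A real list needs thousands of entries;
# an assumed 2048-word list gives log2(2048) = 11 bits per random word.
SAMPLE_WORDS = ["correct", "horse", "battery", "staple", "orbit", "maple",
                "lantern", "pebble", "violin", "harbor", "cactus", "tunnel",
                "saddle", "meadow", "copper", "falcon"]

DAY = 86400            # seconds
YEAR = 365.25 * DAY    # seconds


def make_passphrase(words, count=4):
    """Join `count` words picked uniformly at random by a CSPRNG."""
    return "".join(secrets.choice(words).capitalize() for _ in range(count))


def entropy_bits(list_size, count):
    """Entropy of `count` independent, uniform picks from `list_size` words."""
    return count * math.log2(list_size)


def seconds_to_exhaust(bits, guesses_per_second):
    """Time needed to try every candidate in a 2**bits search space."""
    return 2 ** bits / guesses_per_second


if __name__ == "__main__":
    rate = 1000  # assumed guesses per second
    print("sample passphrase:", make_passphrase(SAMPLE_WORDS))
    # Assumed ~28 bits for a substituted-word password like the first one.
    print("28 bits: %.1f days" % (seconds_to_exhaust(28, rate) / DAY))
    # Four words from an assumed 2048-word list.
    bits = entropy_bits(2048, 4)
    print("%d bits: %.0f years" % (bits, seconds_to_exhaust(bits, rate) / YEAR))
```

The estimate only holds when software picks the words at random; a phrase a person chooses from memory is more predictable than the formula suggests.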
 
Another area Burr said he was wrong about was his recommendation to change passwords on a monthly basis or several times a year. He now says there is no reason to change passwords unless they are compromised in a data breach.
 
To make the entire process less complicated, there are paid and free versions of "password management" programs. When you visit a site, the software asks if you'd like to save the login and password, and it can fill those fields the next time you visit the site. These programs can also generate passwords for you, eliminating the need to do so yourself.

It is risky to use the same password for more than one account or website. If your information is ever compromised, hackers will try the combination on a number of popular sites. 
 
An easier solution to the login/password combination is not far away. The next step will involve biometrics, such as authentication by fingerprint, eye scanning or facial recognition.
 
You will find additional helpful information on safe computing at bbb.org.
Submitted by Fairfield, CT
