Every time people have to create a new password is like engaging in a lengthy challenge. That’s because they are forced to consider several password rules before the website even lets them submit their choices. These tedious guidelines include a large number of characters, special characters, at least one uppercase, and a good memory to remember the result. Bill Burr created these indications around 15 years ago. However, after so many years of struggles, the author changed his mind.
Author of Password Rules Apologized to Online Users
In 2003, a manager at the National Institute of Standards and Technology wrote eight pages of guidelines. He was Bill Burr. The document is known as the “NIST Special Publication 800-63. Appendix A.” Soon afterward, the paper became the bible of online users that preaches the right way to create secure passwords.
Since that point on, websites adopted these requirements to guide users on their mission to sign up with a new password and username. Therefore, people couldn’t create their bank accounts, emails or other online accounts unless they came up with a series of normal, uppercase, and special characters.
However, Bill Burr wasn’t a security expert no matter how high in the professional hierarchy he used to be. The retired 72-year-old professional recently spoke about his 2003 manual. He took this opportunity to apologise to online users. He confessed that his source of inspiration was a white paper written before the web came to be.
“In the end, [the list of guidelines] was probably too complicated for a lot of folks to understand very well.”
NIST Changed Guidelines to Recommend People to Choose a Combination of Words as Passwords
New research shows that a string of several words that are easy to remember makes a more secure password than a short, random line of characters. For instance, a computer would need 550 years to guess a combination of four words.
However, it would only need three years to crack a line created in alignment with the old password rules. As a consequence, the new NIST guidelines encourage people to pick a long phrase as a password.
Image source: 1