
No More Numbers – what we thought we knew about best password practices was wrong

I know we talked about passwords earlier this week, but here’s some news going forward: forget random characters and numbers when making your password. It turns out they don’t make your information any safer than your pet’s name.

Bill Burr, the guy who was responsible for the standards we live by when it comes to passwords, wants to take it all back. To be fair, he was working with the information that he had 14 years ago. It turns out that characters, numbers, capital letters and even changing your password regularly don’t keep your information more secure; they just make it harder for you to remember your password.

Instead, it turns out that a string of four words is the best practice. A random string of words is hard to crack but easy for people to remember. So next time you’re prompted to change your credentials at work, give that a try instead.
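To put numbers on the four-word idea, here is an added example (not from the original post) that draws a passphrase with a cryptographic random source and compares its entropy with that of a random character string. The 16-word list is a constructed sample so the code runs offline, and the 7776-word list size used in the comparison is an assumption (the size of a typical diceware list); the figures hold only when the words are picked at random rather than chosen by the user.

```python
import math
import secrets
import string

# Constructed sample list so the example runs offline. Assumption: a real
# deployment loads a large published list (a diceware list has 7776 words).
SAMPLE_WORDS = [
    "anchor", "biscuit", "canyon", "dolphin", "ember", "fiddle", "glacier",
    "harbor", "iguana", "jigsaw", "kettle", "lantern", "mosaic", "nutmeg",
    "orchid", "pebble",
]

PRINTABLE = string.ascii_letters + string.digits + string.punctuation  # 94 symbols


def make_passphrase(words, count=4, sep=" "):
    """Draw `count` words independently and uniformly using the OS CSPRNG."""
    if len(set(words)) != len(words):
        raise ValueError("word list contains duplicates, entropy estimate would be wrong")
    return sep.join(secrets.choice(words) for _ in range(count))


def passphrase_bits(list_size, count=4):
    """Entropy in bits of `count` words drawn uniformly from `list_size` words."""
    return count * math.log2(list_size)


def random_string_bits(length, alphabet_size=len(PRINTABLE)):
    """Entropy in bits of `length` characters drawn uniformly from the alphabet."""
    return length * math.log2(alphabet_size)


def words_needed(list_size, target_bits):
    """Smallest number of random words that reaches `target_bits` of entropy."""
    return math.ceil(target_bits / math.log2(list_size))


if __name__ == "__main__":
    print("sample passphrase:", make_passphrase(SAMPLE_WORDS))
    print(f"4 words from the 16-word sample list: {passphrase_bits(16):.1f} bits")
    print(f"4 words from a 7776-word list:        {passphrase_bits(7776):.1f} bits")
    print(f"8 random printable characters:        {random_string_bits(8):.1f} bits")
    print("words needed from 7776 to match 8 random characters:",
          words_needed(7776, random_string_bits(8)))
```

Four random words from a large list land within about one bit of eight fully random printable characters, which is why the word list size matters far more than swapping letters for symbols.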

Donyae’s love for technology is based on a need to survive our future robotic overlords. Know thy enemy as you know yourself. But since even odds are on the zombie future, she has also learned how to prepare squirrel. You can find her on Facebook until the robots – or zombies – rise up.

Donyae Coles – who has written posts on The Red Ferret Journal.


  • RCDavis

    ..and ideally, not words that can be found in a dictionary – using your own kreative spelings provides one more layer in the onion of password security

    • Donyae Coles

      A friend of mine used a non-English word as her password and the system wouldn’t accept it because it was “too weak”.

  • gary

    I’ll have to take your word for it – I hit a WSJ paywall. Still, another article says that the reason he regrets the advice is because selecting difficult random strings was too hard for people and hence… they took shortcuts. His advice is still sound. Random alphaNumerics at a good length is still good advice.

    Nobody said you had to be able to remember the password. This is where the point of failure comes in. I have absolutely no idea what my passwords are. If I lose my protected password file, I lose access to my accounts. I’m much safer using complicated passwords and storing it locally, than clever passwords and using them for online services. Burr’s regret is that he didn’t take into account people’s laziness.

    • Donyae Coles

      People are pretty lazy.
