
No More Numbers – what we thought we knew about best password practices was wrong

I know we talked about passwords earlier this week, but here’s some news going forward: forget random characters and numbers when making your password. It turns out they don’t make your information any safer than your pet’s name.

Bill Burr, the guy who was responsible for the standards we live by when it comes to passwords, wants to take it all back. To be fair, he was working with the information that he had 14 years ago. It turns out that characters, numbers, capital letters and even changing your password regularly don’t keep your information more secure; they just make it harder for you to remember your password.

Instead, it turns out that a string of four words is the best practice. A random string is hard to crack, but it is easy for people to remember. So next time you’re prompted to change your credentials at work, give that a try instead.
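As an added example (not part of the original post), here is a sketch of the four-random-words approach described above: it draws the words with Python's `secrets` module and estimates the size of the resulting guess space. The function names and the 32-word sample list are assumptions made for illustration, and the estimate only holds when every word is chosen at random rather than by the user.

```python
import math
import secrets

# Constructed sample list for illustration only; a real generator would load a
# large published list (for example the 7776-word EFF diceware list).
SAMPLE_WORDS = [
    "anchor", "basil", "candle", "desert", "ember", "falcon", "garden", "harbor",
    "island", "jacket", "kettle", "lantern", "marble", "nectar", "orchid", "pepper",
    "quartz", "ribbon", "saddle", "timber", "umbrella", "velvet", "walnut", "yonder",
    "zephyr", "acorn", "bridge", "copper", "dolphin", "engine", "feather", "glacier",
]


def entropy_bits(pool_size, picks):
    """Bits of entropy when each of `picks` items is drawn uniformly and
    independently from `pool_size` options."""
    if pool_size < 2 or picks < 1:
        raise ValueError("need at least 2 options and 1 pick")
    return picks * math.log2(pool_size)


def words_needed(target_bits, list_size):
    """Smallest number of random words whose entropy reaches target_bits."""
    return math.ceil(target_bits / math.log2(list_size))


def generate_passphrase(wordlist, count=4, sep=" "):
    """Pick `count` words with the OS CSPRNG. Duplicate entries would skew
    the distribution and inflate the estimate, so they are rejected."""
    words = list(wordlist)
    if len(set(words)) != len(words):
        raise ValueError("word list contains duplicates")
    return sep.join(secrets.choice(words) for _ in range(count))


if __name__ == "__main__":
    print(generate_passphrase(SAMPLE_WORDS))
    small = entropy_bits(len(SAMPLE_WORDS), 4)
    large = entropy_bits(7776, 4)
    print(f"4 words from a {len(SAMPLE_WORDS)}-word list: {small:.1f} bits")
    print(f"4 words from a 7776-word list: {large:.1f} bits")
```

The strength comes from the size of the list and the random draw, not from the words themselves: four words from the small sample list give far fewer possibilities than four from a list of several thousand.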

4 Comments

  • ..and ideally, not words that can be found in a dictionary – using your own kreative spelings provides one more layer in the onion of password security

    • A friend of mine used a non-English word as her password and the system wouldn’t accept it because it was “too weak”.

  • I’ll have to take your word for it – I hit a WSJ paywall. Still, another article says that the reason he regrets the advice is because selecting difficult random strings was too hard for people and hence… they took shortcuts. His advice is still sound. Random alphanumerics at a good length is still good advice.

    Nobody said you had to be able to remember the password. This is where the point of failure comes in. I have absolutely no idea what my passwords are. If I lose my protected password file, I lose access to my accounts. I’m much safer using complicated passwords and storing them locally, than clever passwords and using them for online services. Burr’s regret is that he didn’t take into account people’s laziness.

    • People are pretty lazy.
