PASSWORD RULES WRONG
NO MORE ANN0Yi%INg PASSWORDS
In 2003, the National Institute of Standards and Technology said passwords should contain upper and lower case letters, a number, a special character, and should be changed frequently. Many services insist you follow this format, leading to passwords that are difficult to rEm3mB%r. Bill Burr, the man behind the rules, has confirmed what many argue is correct: it’s about password length. Four random words are more difficult to crack, and easier to recall. NIST has issued new guidelines, which also suggest not changing passwords unless a security breach is suspected.
The old system created passwords that were cryptographically weak, yet hard to use. “Much of what I did I now regret,” said Bill. To be fair, it was also our fault; we used common number substitutions and simple base words. Don’t get too blasé, though: “mynewpassword” is still not good.
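To make the contrast concrete, here is an added example (not from the article or from NIST) that runs a 2003-style composition rule next to a length-plus-blocklist check. The blocklist, the substitution table and the sample passwords in the test are constructed for illustration, and the 7776-word list size used with passphrase_bits is an assumption (a Diceware-style list).

```python
import math
import re

# Constructed sample blocklist; a real deployment would load a large list of
# common and breached passwords instead.
COMMON_BASE_WORDS = {"password", "welcome", "qwerty", "letmein", "dragon", "monkey"}

# Common character substitutions to undo before the blocklist lookup
# (an assumed, illustrative set).
UNDO_SUBSTITUTIONS = str.maketrans(
    {"0": "o", "1": "l", "3": "e", "4": "a", "5": "s", "7": "t",
     "@": "a", "$": "s", "!": "i"}
)

MIN_LENGTH = 8  # minimum for user-chosen passwords in NIST SP 800-63B


def old_rule_ok(pw: str) -> bool:
    """2003-style composition rule: upper, lower, digit and special character."""
    patterns = (r"[A-Z]", r"[a-z]", r"[0-9]", r"[^A-Za-z0-9]")
    return all(re.search(p, pw) for p in patterns)


def normalize(pw: str) -> str:
    """Lowercase, undo common substitutions, then keep letters only."""
    return re.sub(r"[^a-z]", "", pw.lower().translate(UNDO_SUBSTITUTIONS))


def new_rule_ok(pw: str) -> bool:
    """Length plus blocklist check, with no composition requirement."""
    if len(pw) < MIN_LENGTH:
        return False
    core = normalize(pw)
    return not any(word in core for word in COMMON_BASE_WORDS)


def passphrase_bits(words: int, wordlist_size: int) -> float:
    """Entropy of a passphrase whose words are drawn uniformly at random."""
    return words * math.log2(wordlist_size)
```

The old rule accepts a substituted dictionary word such as "P@ssw0rd1!" and rejects a four-word passphrase, while the length-plus-blocklist check does the opposite and still rejects "mynewpassword".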