The Asian Age

P@$$w0rD5 should be simple

Academics suggest the use of a simple series of words instead of a shorter, strange formation of words, various characters, or numbers for improving account security

- AGE CORRESPONDENT

Online authentication means needing a password. In theory, a password proves to the system that you are who you say you are. Be it Facebook, Twitter or Gmail, you need one. But passwords have become an irritant in today’s online life, as choosing the right one can get tedious. Back in 2003, Manager of the National Institute of Standards and Technology (NIST), Bill Burr published an 8-page primer advising people to protect their accounts with passwords made up of awkward formations of words with unpredictable characters, signs and numbers, and to change them on a regular basis to keep them strong. This book on password management soon became the go-to guide on password security. Fourteen years later, Burr has come to the conclusion that ‘his guidance was totally wrong’.

“Much of what I did I now regret,” 72-year-old Burr, who is now retired, told the Wall Street Journal. His advice to change passwords every 90 days is largely incorrect, as most people make only minor changes, such as altering one or two characters, and these are very easy to guess.

For example, a user might change from ‘Pa$$word1’ to ‘Pa$$word2’. When Burr initially published the guidance, he did not have access to real-world password data. He approached NIST with a request to access actual passwords on their networks, but they refused. “In the end, it was probably too complicated for a lot of folks to understand very well, and the truth is, it was barking up the wrong tree,” he explains.

Academics now suggest that a simple series of words can be harder to crack than a shorter, stranger formation of characters. Authorities have even begun advising companies to stop resetting their passwords, citing the inconvenience that the whole process creates. US-based NIST’s password guidelines have now received a thorough update. People are now being advised to use long but easy-to-remember ‘passphrases’ that do not necessarily feature special characters or numbers. For example, ‘rabbit carrots table saddle’ would be much harder to crack than ‘P@55w0rd’. Moreover, users are advised to change their passwords only if there is a sign that the passwords might have been stolen or altered.

“By simplifying your organisation’s approach to passwords, you can reduce the workload on users, lessen the support burden on IT departments, and combat the false sense of security that unnecessarily complex passwords can encourage,” said Ciaran Martin, Director General for Government and Industry Cyber Security.

Pick the right password and avoid reusing passwords: You obviously have more than just one account. It’s generally advisable to just choose different passwords for different accounts in order to ensure maximum security for the account.

Do not combine or mix upper/lower case: For years, users have been advised to combine upper and lower case characters to form their passwords. But it has been discovered that such passwords are more easily cracked than you can imagine.

String a few words together: Choosing a longer password does not mean you must use a word that has more characters. Instead, string a few words together, such as “banana milk shake is the best”.

Make use of a password manager: There are a lot of reliable options online that you can choose from to generate secure passwords. They come in handy especially if you don’t want to spend too much time selecting the right password.
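The article's own examples, run through a password-change check. This is an added sketch, not code from the article or from NIST. The blocklist, the substitution table and the 12-character minimum are assumptions made for illustration.

```python
# Constructed sample blocklist; a real deployment would load a large
# list of known-breached and commonly used passwords instead.
COMMON = {"password", "letmein", "qwerty", "welcome", "dragon"}

# Assumed table of familiar symbol-for-letter swaps.
LEET = str.maketrans({"@": "a", "4": "a", "$": "s", "5": "s",
                      "0": "o", "3": "e", "1": "l", "!": "i", "7": "t"})

MIN_LENGTH = 12  # assumed threshold: favour length, impose no character classes


def normalize(pw):
    """Undo the usual disguises: case, trailing counter digits, symbol swaps."""
    return pw.lower().rstrip("0123456789").translate(LEET)


def edit_distance(a, b):
    """Levenshtein distance: single-character inserts, deletes, substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def check_password(new, old=None):
    """Return the reasons to reject `new`; an empty list means accept.

    `old` is the current password as typed by the user to authorise the
    change (stored passwords are hashed, so it is only known at that moment).
    """
    problems = []
    if len(new) < MIN_LENGTH:
        problems.append("too short")
    if normalize(new) in COMMON:
        problems.append("common password in disguise")
    if old is not None and (edit_distance(old, new) <= 2
                            or normalize(old) == normalize(new)):
        problems.append("minor change of previous password")
    return problems
```

The passphrase passes without any special characters, while ‘P@55w0rd’ and the ‘Pa$$word1’ to ‘Pa$$word2’ rotation are both caught.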
