A VIEW FROM
There’s no doubt, the future is technology.
Technology doesn’t make mistakes like us all-toofallible humans do.
For instance, take the passwords necessary to access our computers.
Humans would pick passwords that were too easy to crack, right?
But thanks to technological guidelines, passwords are now virtually uncrackable. Well, not exactly. The man who defined the original rules for password safety now says he got it all wrong.
That, actually, all he did was make passwords easier to crack.
In 2003, Bill Burr was a manager at the National Institute of Standards and Technology.
He issued an eight-page document: “NIST Special Publication 800- 63 Appendix A”.
It was subtitled ‘Estimating Password Entropy and Strength’.
It’s the advice we’ve all become familiar with as the rules for creating passwords. A password should include at least one capital letter. A password should include at least one symbol. A password should include at least one number. A password should be changed every 90 days. His advice was adopted by most academic institutions, government bodies and large corporations.
Our password strength is automatically judged against these guidelines. But Bill Burr now says these were totally wrong. Because not only did these rules make passwords difficult for humans to remember.
These rules actually made passwords easier for algorithms to crack.
The Wall Street Journal had its computer security specialists check this out.