Daily Mail

Why online pa$$w0rds are probably useless

- Mail Foreign Service

It is a very modern irritation – trying to remember all the complicated passwords for everything from your laptop, to online banking and social media.

Now the man who is responsible for login codes being so complex has admitted that his original advice was wrong.

Bill Burr said people should not use obscure characters, capital letters and numbers or change passwords often as it does not make them secure.

He said: ‘In the end, it was probably too complicated for a lot of folks to understand very well.’

Many people struggle to recall the 19 passwords that each person typically has. Yet one in three of us cannot remember them because they are too complex.

Speaking to the Wall Street Journal, Mr Burr, 72, who is now retired, said he was largely to blame for the mess we are in.

In 2003 he was working as a mid-level manager at the National Institute of Standards and Technology in the US when he was asked to come up with password guidelines for the federal government.

Basing his work on research done in the 1980s – long before computers were used widely – he produced the dry-sounding ‘NIST Special Publication 800-63 Appendix A’, which became the Bible on passwords. It said you should change your password every 90 days, but people just changed a few digits, which made it easy to guess, Mr Burr said.

He had hoped telling people to use a mix of letters, numbers, and lower and uppercase letters would create random words. Instead users chose passwords such as ‘Pa$$w0rd’ which were easy to guess and were used by many other people.

Mr Burr said of his advice: ‘It just drives people bananas and they don’t pick good passwords no matter what you do.’

The NIST rules were rewritten in June and say that long, easy-to-remember passwords are better. You should also only change your password if you think it has been compromised.

Cartoonist Randall Munroe has said it would take 550 years to crack the password ‘correct horse battery staple’ versus three days for ‘Tr0ub4dor&3’ – calculations that computer security experts have verified.

But surveys show the most popular are still ‘password’ and ‘123456’.

PayPal has reportedly tried developing a new generation of edible passwords that stay lodged in your stomach to let you log in wirelessly.

Other technology in the works allows users to log into devices with a facial scan instead of a password.
