An end to password frustration?
So now you tell us. In 2003, Bill Burr wrote the rules for password security for the U.S. National Institute of Standards and Technology, urging computer users to change passwords every 90 days and create such intricate passwords that even the world’s fastest supercomputer would overheat trying to decipher them.
Burr, however, recently confessed to The Wall Street Journal that this digital keyboard dance has caused endless frustration. He is among a chorus of security experts who now say that a simple, natural-language sentence — for example, “It is a lovely day in Spain,” is a better password than the tortured, numbers-letters-and-wingdings combinations we are burdened with remembering. “The truth is, it was barking up the wrong tree,” he says.
Unfortunately, his mea culpa comes a bit too late for us. We’ve wasted years of our lives changing passwords, not because we’re security freaks, but mostly because we can’t remember those impossible combinations. Humanity, says computer expert Cormac Herley, a researcher at Microsoft, spends the equivalent of 1,300 years each day typing in passwords. Holy cow!
Password security is important, given the many high-profile corporate and social-media hacks of supposedly secure computer networks, and complex combinations can be effective deterrents. But the trade-off is between passwords that are easy for others to guess and passwords that are impossible for us to remember. And when we can’t remember, we tend to do stupid things, like writing complex passwords on sticky notes on our computer monitors.
If it seems like we are always fighting the last war. A password that would have taken more than three years to crack in 2000 might have taken about a year to crack in 2004. Five years later, the same password could be broken in just four months, and now it could be decoded in a matter of weeks. But how could Burr have known that he would be responsible for so much global cussing and frustration for so little security in return? Back then, scant research existed on passwords; mind-numbing sequences seemed like the best solution.
Experts predict that passwords as we know them will eventually give way to biometrics like fingerprint sensors and face-recognition technologies found on some smartphones and consumer products. And who knows what after that?
We can’t wait to see it happen. And soon.
Rhinestone Cowboy real diamond
America lost troubadour Glen Campbell, 81, on Tuesday in Nashville. Some of the songs that made Campbell famous constituted part of the soundtrack of Americans’ lives.
The son of an Arkansas sharecropper, Campbell sang from his not-easy life experience, which included poverty, alcohol-and-drug abuse and three divorces, as well as performing success. Campbell was a consummate musician. He played guitar, banjo, mandolin and bass and apparently had perfect pitch, even though he couldn’t read music.
In his final years, Campbell suffered from Alzheimer’s disease. But he turned that into a public service, continuing to perform and demonstrating full frankness about that awful disease. In the process, he called attention and research money to it.
Glen Campbell will remain gentle on our minds.