The Register Citizen (Torrington, CT)
Better Business Bureau has easy tips for safe passwords
“So the combination is... one, two, three, four, five? That’s the stupidest combination I’ve ever heard in my life! That’s the kind of thing an idiot would have on his luggage!” — from the movie “Spaceballs”
With all respect to the great Dark Helmet, it’s hard to come up with a safe security combination and possibly even harder to come up with a safe password for email and other sites. But the Connecticut Better Business Bureau has some great news for consumers who are overwhelmed by creating uncrackable passwords. The existing standards for strong passwords recommend the use of a combination of upper and lower case letters, digits and symbols.
However, no less than the man who wrote the original whitepaper outlining these standards, Bill Burr, who is now retired, told the Wall Street Journal that he got the formula wrong, and that existing recommendations for strong passwords were ill-conceived and not necessary. Also, it’s a pain in the neck to create those passwords, said Connecticut Better Business Bureau spokesman Howard Schwartz.
“Consumers find creating strong passwords tedious and complicated, and the passwords are difficult to remember,” Schwartz said. “That is likely why many consumers reuse the same password for multiple sites. The existing recommendations are old and based upon old outdated advice.”
One publication did the math and came to the conclusion: Keep it simple.
“Tr0ub4dor&3” is considered to be a weak password that could be broken within as few as three days. On the other hand, “Correct Horse Battery Staple” could take 550 years to hack. It is composed of random, easily remembered words. That’s what is considered to be the best practice right now.
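The arithmetic behind the two estimates above, as an added example that is not part of the original article. The 28-bit and 44-bit strengths, the 2,048-word list and the rate of 1,000 guesses per second are assumptions chosen because they reproduce the article's figures; the article does not state them, and the short word list is constructed for illustration.

```python
import math
import secrets

# Constructed sample list; a real passphrase list needs thousands of words.
SAMPLE_WORDS = ["correct", "horse", "battery", "staple",
                "orbit", "velvet", "candle", "pepper"]

SECONDS_PER_DAY = 86400
SECONDS_PER_YEAR = 365.25 * SECONDS_PER_DAY


def passphrase_bits(list_size, n_words):
    """Entropy in bits when n_words are drawn uniformly at random,
    independently, from a list of list_size words."""
    return n_words * math.log2(list_size)


def seconds_to_exhaust(bits, guesses_per_second):
    """Time to try every candidate in a space of 2**bits possibilities."""
    return 2 ** bits / guesses_per_second


def words_needed(list_size, target_bits):
    """Smallest number of random words that reaches target_bits."""
    return math.ceil(target_bits / math.log2(list_size))


def generate_passphrase(words, n_words):
    """Pick words with the OS random source. Words a person chooses
    are not random, and the entropy figure would not apply to them."""
    return " ".join(secrets.choice(words) for _ in range(n_words))


if __name__ == "__main__":
    rate = 1000  # assumed guesses per second
    weak_bits = 28  # assumed strength of a substituted dictionary word
    strong_bits = passphrase_bits(2048, 4)  # four words, 2,048-word list
    print(f"{weak_bits} bits: "
          f"{seconds_to_exhaust(weak_bits, rate) / SECONDS_PER_DAY:.1f} days")
    print(f"{strong_bits:.0f} bits: "
          f"{seconds_to_exhaust(strong_bits, rate) / SECONDS_PER_YEAR:.0f} years")
    # The 8-word sample list gives only 3 bits per word, so it needs
    # far more words to reach the same strength.
    n = words_needed(len(SAMPLE_WORDS), strong_bits)
    print(f"{n} words from the sample list:",
          generate_passphrase(SAMPLE_WORDS, n))
```

The strength comes from the size of the list and the random draw, not from the words looking unusual, which is why the sample list of eight words needs 15 words to match four words from a 2,048-word list.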
Another area that Burr said he was wrong about was his recommendation to change passwords on a monthly basis or several times a year. He now says there is no reason to change passwords unless they are compromised in a data breach.
To make the entire process less complicated, there are paid and free versions of “password management” programs. When you visit a site, the software asks if you’d like to save the login and password, and it can fill those fields the next time you visit the site. These programs can also generate passwords for you, eliminating the need to do so yourself.
It is risky to use the same password for more than one account or website. If your information is ever compromised, hackers will try the combination on a number of popular sites.
An easier solution to the login/password combination is not far away. The next step will involve biometrics, such as authentication by fingerprint, eye scanning or facial recognition.
You will find additional helpful information on safe computing at bbb.org.