Author of password rules regrets complicated recommendations

03:08 PM August 08, 2017

Image: INQUIRER.net stock photo

If you’ve never bothered changing your password or making it hard to remember, don’t worry—the author of those rules says he “regrets” ever recommending them.

With the intent of better security, sites have been abiding by Bill Burr’s guidelines published in 2003. Users were required to key in passwords with a combination of uppercase letters, numbers, and special characters and to change them every 90 days.

With internet users signing into multiple accounts, whether they’re emails or social media, remembering passwords has become too tedious.

Periodic password changes also make accounts less secure. When changing passwords, users tend to change only a number. Aware of this convenient albeit lazy move, hackers have taken advantage of this and use it in their password-cracking routines.

According to the Wall Street Journal, Burr, 72 is now revoking his recommendations: “Much of what I did I now regret.”

In 2016, new guidelines issued by the US National Institute of Standards and Technology state that instead of passwords, pass phrases are advised since they are both easy to memorize for humans and their length makes breaches more difficult for computers.

Passwords should also only be changed when there is a sign of breach. Niña V. Guno /ra

Your subscription could not be saved. Please try again.

Your subscription has been successful.

TOPICS: online security, passwords

Author of password rules regrets complicated recommendations

Disclaimer: Comments do not represent the views of INQUIRER.net. We reserve the right to exclude comments which are inconsistent with our editorial standards. FULL DISCLAIMER

© Copyright 1997-2024 INQUIRER.net | All Rights Reserved