Author of password rules says he regrets complicated recommendations


03:08 PM August 08, 2017



If you’ve never bothered changing your password or making it hard to remember, don’t worry—the author of those rules says he “regrets” ever recommending them.

With the intent of better security, sites have been abiding by Bill Burr’s guidelines published in 2003. Users were required to key in passwords with a combination of uppercase letters, numbers, and special characters and to change them every 90 days.


With internet users signing into multiple accounts, whether they’re emails or social media, remembering passwords has become too tedious.


Periodic password changes also make accounts less secure. When changing passwords, users tend to change only a number. Hackers are aware of this convenient, albeit lazy, habit and have built it into their password-cracking routines.
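The "change only a number" habit can be caught at the moment a password is changed, when the old and new password are both submitted. The sketch below is an added example, not part of the original article; the function name, the category labels and the sample passwords are constructed for illustration.

```python
import re

_DIGIT_RUN = re.compile(r"\d+")


def classify_change(old: str, new: str) -> str:
    """Classify a password change from the old and new plaintext.

    Returns one of:
      "unchanged"   - the same password was submitted again
      "incremented" - exactly one number went up by one
      "number_only" - only digits were added, removed, moved or altered
      "different"   - the non-digit text itself changed
    """
    if old == new:
        return "unchanged"

    # Strip every digit run; what is left is the part the user memorised.
    if _DIGIT_RUN.sub("", old) != _DIGIT_RUN.sub("", new):
        return "different"

    # Same text. Check whether the numbers sit in the same places and
    # exactly one of them was bumped by one (Summer2017! -> Summer2018!).
    same_layout = _DIGIT_RUN.sub("\0", old) == _DIGIT_RUN.sub("\0", new)
    if same_layout:
        pairs = zip(_DIGIT_RUN.findall(old), _DIGIT_RUN.findall(new))
        diffs = [(a, b) for a, b in pairs if a != b]
        if len(diffs) == 1 and int(diffs[0][1]) - int(diffs[0][0]) == 1:
            return "incremented"
    return "number_only"


# Constructed sample pairs (old password, proposed new password).
SAMPLES = [
    ("Summer2017!", "Summer2018!"),
    ("Spring09", "Spring10"),
    ("Password", "Password1"),
    ("Winter1", "Winter7"),
    ("Summer2017!", "correct horse battery staple"),
]

if __name__ == "__main__":
    for old, new in SAMPLES:
        print(f"{old!r} -> {new!r}: {classify_change(old, new)}")
```

A change form can refuse anything other than "different", so that a change made after a breach actually produces a new secret.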

According to the Wall Street Journal, Burr, 72, is now revoking his recommendations: “Much of what I did I now regret.”

In 2016, new guidelines issued by the US National Institute of Standards and Technology state that pass phrases are advised instead of passwords, since they are easy for humans to memorize and their length makes breaches more difficult for computers.

Passwords should also only be changed when there is a sign of breach.

Niña V. Guno /ra



TOPICS: online security, passwords