Author of password rules regrets complicated recommendations

1
Password

Image: INQUIRER.net stock photo

If you’ve never bothered changing your password or making it hard to remember, don’t worry—the author of those rules says he “regrets” ever recommending them.

With the intent of better security, sites have been abiding by Bill Burr’s guidelines published in 2003. Users were required to key in passwords with a combination of uppercase letters, numbers, and special characters and to change them every 90 days.

With internet users signing into multiple accounts, whether they’re emails or social media, remembering passwords has become too tedious.

Periodic password changes also make accounts less secure. When changing passwords, users tend to change only a number. Aware of this convenient albeit lazy move, hackers have taken advantage of this and use it in their password-cracking routines.

According to the Wall Street Journal, Burr, 72 is now revoking his recommendations: “Much of what I did I now regret.”

In 2016, new guidelines issued by the US National Institute of Standards and Technology state that instead of passwords, pass phrases are advised since they are both easy to memorize for humans and their length makes breaches more difficult for computers.

Passwords should also only be changed when there is a sign of breach.  Niña V. Guno /ra

RELATED STORIES:

The worst passwords of 2015 – is yours on the list?

Read more...