The guy behind password rules says he was wrong to make them so hard

When Bill Burr published a set of recommendations and standards around creating secure passwords in 2003 it became the Bible for how to create a secure one.

Having strong password security is like eating healthily; we all (hopefully) know we should be doing it but we never quite commit. The perennial problem of password security made simple:

That was the rule: to be more secure, you should build passwords out of random capitalisation and strange characters.

Now he says he is sorry for making it so hard.

Burr told The Wall Street Journal:

Much of what I did I now regret. In the end, [the collection of guidelines] was probably too complicated for a lot of folks to understand very well, and the truth is, it was barking up the wrong tree.

So for example, “Tr0ub4dor&3” looks like it is complicated but in reality has a predictable number and symbol placement. It would take three days to crack that.

Random words like “correct horse battery staple” would take 550 years to crack.
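The two crack-time figures above follow from a simple entropy model. The following added example (not from the article or from Burr's guidelines) computes them and generates a passphrase of random dictionary words; the 28-bit and 44-bit estimates and the rate of 1,000 guesses per second are assumptions taken from the widely cited xkcd 936 comparison, and the tiny word list is constructed for illustration only.

```python
import math
import secrets

SECONDS_PER_DAY = 24 * 3600
SECONDS_PER_YEAR = 365.25 * SECONDS_PER_DAY

# Assumed budget for a "Tr0ub4dor&3"-style password (xkcd 936 model, not from the article):
# a common word (~2^16 choices), one capitalisation choice, a few common
# letter-for-digit substitutions, one appended digit, one symbol, and their order.
MANGLED_WORD_MODEL = {
    "dictionary_word": 16, "capitalisation": 1, "substitutions": 3,
    "digit": 3, "symbol": 4, "digit_symbol_order": 1,
}


def mangled_word_bits(model=MANGLED_WORD_MODEL) -> int:
    """Entropy of a single mangled word: the sum of each independent choice."""
    return sum(model.values())


def passphrase_bits(word_count: int, wordlist_size: int) -> float:
    """Entropy of word_count words drawn uniformly from a list of wordlist_size."""
    return word_count * math.log2(wordlist_size)


def crack_time_seconds(bits: float, guesses_per_second: float = 1000.0) -> float:
    """Worst-case time to exhaust the keyspace at the assumed guess rate."""
    return 2.0 ** bits / guesses_per_second


def generate_passphrase(words: list[str], count: int = 4) -> str:
    """Pick words with a CSPRNG; never use random.choice for secrets."""
    return " ".join(secrets.choice(words) for _ in range(count))


# Constructed sample word list; a real Diceware-style list has ~2048-7776 words.
SAMPLE_WORDS = ["correct", "horse", "battery", "staple", "apple", "river", "cloud", "mint"]

if __name__ == "__main__":
    days = crack_time_seconds(mangled_word_bits()) / SECONDS_PER_DAY
    years = crack_time_seconds(passphrase_bits(4, 2048)) / SECONDS_PER_YEAR
    print(f"mangled word: {mangled_word_bits()} bits, ~{days:.1f} days")
    print(f"4 random words from 2048: {passphrase_bits(4, 2048):.0f} bits, ~{years:.0f} years")
    print("example passphrase:", generate_passphrase(SAMPLE_WORDS))
```

Swapping in a real word list and a realistic guess rate for an offline hash attack shows how quickly the "days" column shrinks while the passphrase column stays large.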

And forcing people to change passwords regularly just results in them tacking on characters like ! and ? so they don't have to spend time remembering a new password.

Oh dear. After all that capitalising and adding all sorts of things to keep it real.

Your IT guy will still insist you do the thing though.

With information from alphr

PIC: harvest316 via / CC BY-NC-SA
