
Everything you heard about strong passwords is wrong

It’s difficult to create a secure password. It’s tough to make even a strong one, yet most of the websites you visit recommend a combination of numbers, capital and lowercase letters, and special characters.

This was the advice of Bill Burr, a former manager at the National Institute of Standards and Technology (NIST) who wrote the book on password regulations in 2003.

Now, 15 years later, in an interview with the Wall Street Journal, Burr has admitted that he didn’t really know what he was doing at the time, and the retired 72-year-old bureaucrat says he is sorry and wants to apologize.

Bill Burr told the Wall Street Journal recently, “Much of what I did I now regret.”

The advice in Burr’s document, that passwords should be made of irregular capitalization, numbers and special characters, was widely adopted in every sector, including government, education and banking. The problem is that this advice is not worthwhile and leads to passwords that are easy to crack.

But NIST has been reworking these guidelines, and the new version has just been finalized. IT departments should only change passwords when there’s been some kind of security problem. Otherwise the changes people make are often incremental: when they have to change their password after 90 days, they just change one character. That makes the change practically worthless; this mechanism actually harms security rather than improving it.

Another recommendation is to promote long passwords made up of words, rather than short passwords. Adding artificial password restrictions produces less secure passwords.
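The two points above (composition rules reward predictable decoration, and forced rotation yields one-character changes) can be checked in a few lines. This is an added example, not code from the article or from NIST; the blocklist, the swap table, `min_len=12`, `max_edits=2` and the sample passwords are all constructed assumptions.

```python
import re

# Constructed stand-in for a real common/breached-password list (assumption).
COMMON = {"password", "welcome", "qwerty", "letmein", "summer"}
# Constructed table of character swaps users make to satisfy composition rules.
SWAPS = str.maketrans("@4$5013!7", "aassoieit")

def old_composition_ok(pw):
    """2003-style rule: 8+ chars with upper, lower, digit and special character."""
    classes = (r"[A-Z]", r"[a-z]", r"[0-9]", r"[^A-Za-z0-9]")
    return len(pw) >= 8 and all(re.search(c, pw) for c in classes)

def skeleton(pw):
    """Strip the predictable decoration: trailing digits/symbols, then swaps."""
    core = re.sub(r"[^a-z]+$", "", pw.lower())
    return core.translate(SWAPS)

def length_policy_ok(pw, min_len=12):
    """Length-first rule: no composition demands, reject decorated common words.
    min_len=12 is an assumed value, not one taken from the article."""
    return len(pw) >= min_len and skeleton(pw) not in COMMON

def edit_distance(a, b):
    """Levenshtein distance, computed row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def trivial_rotation(old, new, max_edits=2):
    """True when a forced change only tweaks a character or two. Both values are
    available in clear at change time, when the user types the current password."""
    return edit_distance(old, new) <= max_edits

if __name__ == "__main__":
    for pw in ("P@ssw0rd2017!", "correct horse battery staple"):  # constructed samples
        print(repr(pw), "old rules:", old_composition_ok(pw),
              "length rules:", length_policy_ok(pw))
    print("rotation Summer2017! -> Summer2018! trivial:",
          trivial_rotation("Summer2017!", "Summer2018!"))
```

The decorated dictionary word passes the old composition rule and fails the length-first check, while the long phrase does the opposite.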

Of course, all of this is pointless if you don’t care about having a strong and good password in the first place.
