Man responsible for strong password requirements regrets his 2003 guidelines

strong password
The man responsible for your requirement to use a combination of lower-case letters, upper-case letters, numbers, and symbols in passwords at least eight characters long is now regretting his advice. Former National Institute of Standards and Technology manager Bill Burr recently admitted in an interview with The Wall Street Journal that his 2003 document about crafting strong passwords and changing them every 90 days was somewhat off the mark.

At the time, he said that users will choose an easily remembered, easily guessed password, and likely one stemming from a batch of “a few thousand commonly chosen passwords.” In turn, hackers trying to gain access to user accounts, computers, and so on would try the most likely chosen passwords first. But even though services would reject specific passwords given their common use, Burr suggested a more secure alternative.

On page 52 of the 2003 document, he clearly states that systems should rely on a password of eight characters or more that are selected from an alphabet of 94 printable characters. This password should also include at least one upper case letter, one lower case letter, one number, and one special character. Systems should even rely on a dictionary that prevents users from including familiar words and using their login name as the password too.

The problem with this method is that users tend to have patterns when creating a password. For instance, they may take a familiar word, such as “password,” and alter it slightly to meet the requirements. The result could be something like P@zzwurd2017, which isn’t all that original, and something we conjured up in a matter of seconds.

Right now, systems give users a thumbs-up when they follow the current standard and even provide a visual measurement tool indicating the password’s strength against hacking. But then users are requested/forced to change their password every 90 days, thus they may use the same base word, but alter the character usage to please the update process (such as P@ssw0rd2K17).

When the guidelines were created in 2003, they were not based on collected data. System administrators would not cough up any passwords for examination, thus Burr turned to a whitepaper published in the 1980s — long before the general American population purchased a modem and jumped onto the world wide web using Netscape or America Online.

Fast forward to 2017, and the National Institute of Standards and Technology provides new guidelines for systems to follow. Authored by technical adviser Paul Grassi, it tosses out much of what Burr established years ago. But Grazzi admits that Burr’s system lasted for 14 years, and hopes that his revised password ruleset lasts just as long. He suggests that systems remove the 90-day password refresh and the requirement for special characters.

Ultimately, the best practice for everyone is to throw out familiar, easily linked ideas, such as the name of your favorite movie or pet. Instead, create a phrase of words that doesn’t make much sense, and does not include spaces. Password managers like LastPass are helpful too when you are required to remember a multitude of unique passwords across dozens of services.


Secure your Excel documents with a password by following these quick steps

Excel documents are used by people and businesses all over the world. Given how often they contain sensitive information, it makes sense to keep them from the wrong eyes. Thankfully, it's easy to secure them with a password.
Home Theater

The seven best TVs you can buy right now, from budget to big screen

Looking for a new television? In an oversaturated market, buying power is at an all-time high, but you'll need to cut through the rough to find a diamond. We're here to help with our picks for the best TVs of 2019.

Protecting your PDF with a password isn't difficult. Just follow these steps

If you need to learn how to password protect a PDF, you have come to the right place. This guide will walk you through the process of protecting your documents step-by-step, whether you're running a MacOS or Windows machine.

Still have holiday cash to blow? Grab one of these awesome Xbox One games

More than four years into its life span, Microsoft's latest console is finally coming into its own. From Cuphead to Halo 5, the best Xbox One games offer something for players of every type.

From Air to Pro, here are the best MacBook deals for January 2019

If you’re in the market for a new Apple laptop, let us make your work a little easier: We hunted down the best up-to-date MacBook deals available online right now from various retailers.

Change your mouse cursor in Windows with these quick tips

The standard mouse cursor is boring, so change it! With this guide on how to change your mouse cursor in Windows, you can choose to use one of Microsoft's pre-installed cursors or download something a bit more extravagant.

Go hands-free in Windows 10 with speech-to-text support

Looking for the dictation, speech-to-text, and voice control options in Windows 10? Here's how to set up Speech Recognition in Windows 10 and use it to go hands-free in a variety of different tasks and applications within Windows.

Printing to PDF in Windows is easy, no matter which method you use

Microsoft's latest operating system makes it easier than ever to print to PDF in Windows, but there are alternative methods for doing so, even if you want to forgo Adobe Acrobat. Here's how.

Changing a PDF into an EPUB file is easier than you might think

If you like to read on a tablet or ebook reader, you'll find that ePUB files offer a number of advantages over PDFs. With this guide, we'll show you how to convert a PDF to EPUB in a few quick steps.

Need to combine a PDF? Here's how to get it done on both Windows and Mac

Sometimes juggling multiple files at once is more of a hassle than a convenience, especially when a single file would do. This quick guide will teach you how to combine PDF files on Windows, MacOS, or with online tools.

Don’t even bother with the rest. Here are the only laptop brands that matter

If you want to buy your next laptop based around a specific brand, it helps to know which the best brands of laptops are. This list will give you a good grounding in the most reliable, quality laptop manufacturers today.

Style up your MacBook Air with one of these great cases or sleeves

Whether you’re looking for added protection or a stylish flourish, you’re in the right place for the best MacBook Air cases. We have form-hugging cases, luxurious covers and padded sleeves priced from $10 to $130. Happy shopping!

Getting Windows 10 updated doesn't have to be so painful

Windows update not working? It's a more common problem than you might think. Fortunately, there are a few steps you can take to troubleshoot it and in this guide we'll break them down for you step by step.

Reluctant to give your email address away? Here's how to make a disposable one

Want to sign up for a service without the risk of flooding your inbox with copious amounts of spam and unwanted email? You might want to consider using disposable email addresses via one of these handy services.