RALEIGH, N.C. (WNCN) – Passwords. They are now as much a part of our life as brushing our teeth or eating.
But they are also a pain in the neck to remember and there’s always the worry they’ll be hacked.
Now, it turns out everything we knew about passwords is wrong.
When you create or change a password, there are all sorts of rules you have to adhere to, depending on which organization requires the password, be it a bank, your credit card firm or your company.
Password requirements can include mandates to use caps, add a number, use a special character in the middle, or warnings that you can’t repeat a password for 6 months. It can be annoying.
“It frustrates everybody – me included,” says Bill Burr, who is considered the father of the modern password.
Fourteen years ago, Burr basically wrote the rules for the National Institute of Standards and Technology, saying we should pick random password combinations and change them often.
It turned out to be advice that morphed out of control.
“I have 200 passwords. I can’t remember them all,” says Burr.
Those random strings of letters and numbers are not only tough to remember but experts say they are apparently easier to hack than a password that contains a phrase.
For example, hacking software can figure out strings of random letters and numbers, but it’s much harder for that software to decode a phrase that only means something to you.
Security experts say another problem with Burr’s original password concept is the frequency of changing them.
Tech experts found those changes forced many people to create easy-to-crack passwords, as well as passwords that folks only slightly alter each time they create a new one.
“It’s probably better to do fairly long passwords phrases that you can remember than to let people do lots of funny characters that one of the things,” says Burr.
And the government agrees.
NIST recently rewrote the guidelines to reflect the thinking that phrases make better passwords.
As for Burr, he says he has regrets about his original password ideas.
“I could have done a better job of figuring out some of the things that we now know or at least of guessing them,” he said.