fbpx
March 28, 2024

Slashdot: The Man Who Wrote the Password Rules Regrets Doing So

The Man Who Wrote the Password Rules Regrets Doing So
Published on August 08, 2017 at 06:10PM
New submitter cdreimer writes: According to a report in The Wall Street Journal (Warning: source may be paywalled, alternative source), the author behind the U.S. government’s password requirements regrets wasting our time on changing passwords so often. From the report: “The man who wrote the book on password management has a confession to make: He blew it. Back in 2003, as a midlevel manager at the National Institute of Standards and Technology, Bill Burr was the author of ‘NIST Special Publication 800-63. Appendix A.’ The 8-page primer advised people to protect their accounts by inventing awkward new words rife with obscure characters, capital letters and numbers — and to change them regularly. The document became a sort of Hammurabi Code of passwords, the go-to guide for federal agencies, universities and large companies looking for a set of password-setting rules to follow. The problem is the advice ended up largely incorrect, Mr. Burr says. Change your password every 90 days? Most people make minor changes that are easy to guess, he laments. Changing Pa55word!1 to Pa55word!2 doesn’t keep the hackers at bay. Also off the mark: demanding a letter, number, uppercase letter and special character such as an exclamation point or question mark — a finger-twisting requirement.” “Much of what I did I now regret,” Bill Burr told The Wall Street Journal. “In the end, [the list of guidelines] was probably too complicated for a lot of folks to understand very well, and the truth is, it was barking up the wrong tree.”

Read more of this story at Slashdot.

%d bloggers like this: