Some of the tips and tricks we use when creating a password may actually make us more vulnerable to hackers, according to the expert who originally designed password guidelines.
It turns out that using numbers and special characters may not offer you as much protection as you think.
The man who originally advised people to start putting numbers and special characters into their passwords was Bill Burr. Mr Burr worked for the National Institute of Standards and Technology, and back in 2003 produced an eight-page document suggesting people protect their accounts by using passwords with obscure characters, capitals and numbers.
Recently, the now retired Mr Burr told the Wall Street Journal that he may have got it wrong. He now believes his advice, including a suggestion that people change their passwords every 90 days, has contributed to people creating passwords that are easily hacked.
Mr Burr believes that his advice steered everyday computer users toward lazy mistakes and easy-to-predict practices.
“Much of what I did I now regret,” Mr Burr said. “It just drives people bananas and they don’t pick good passwords no matter what you do,” he said.
The problem with the advice is that most people use the same tricks, replacing letters with numbers or special characters. Hackers can target those specific weaknesses and build algorithms around these preferences, allowing them to crack the code in a short time frame.
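To show why these tricks add so little, here is a defender-side check a sign-up form could run. It is an added example, not part of the original article, and it flags passwords that are only a common word behind the usual substitutions and suffixes. The word list, the substitution map and the function names are constructed for illustration.

```python
import re

# Constructed sample deny-list (assumption): a real deployment would load
# a large breached-password corpus instead of five words.
COMMON_BASE_WORDS = {"password", "welcome", "letmein", "dragon", "sunshine"}

# Habitual character swaps, mapped back to the letter they stand in for.
LEET_MAP = str.maketrans({"@": "a", "4": "a", "3": "e", "1": "i", "!": "i",
                          "0": "o", "$": "s", "5": "s", "7": "t"})


def base_forms(password: str) -> set:
    """Return the plain words a decorated password may reduce to."""
    lowered = password.lower()
    # Case 1: every digit/symbol is a substitution ("sunshin3").
    whole = lowered.translate(LEET_MAP)
    # Case 2: trailing digits/punctuation are padding added to satisfy a
    # composition rule ("Password1!", "Welcome2003"), so drop them first.
    stripped = re.sub(r"[\d\W_]+$", "", lowered).translate(LEET_MAP)
    return {whole, stripped}


def is_predictable(password: str) -> bool:
    """True when the password is a common word behind predictable tricks."""
    return not base_forms(password).isdisjoint(COMMON_BASE_WORDS)


if __name__ == "__main__":
    # Constructed sample inputs. All but the last satisfy a typical
    # "upper + lower + digit + symbol" rule yet reduce to a listed word.
    for candidate in ["P@ssw0rd1!", "W3lc0me2003", "$unsh1ne!", "Dr4g0n#7",
                      "qzv-mmk-rth-wlo"]:
        verdict = "reject" if is_predictable(candidate) else "accept"
        print(f"{candidate:18} -> {verdict}")
```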
How ‘strong’ is your password?