Time to rethink your password

Some of the tips and tricks we use when creating a password may actually make us more vulnerable to hackers, according to the expert who originally designed password guidelines.

It turns out that using numbers and special characters may not offer you as much protection as you think.

The man who originally advised people to start putting numbers and special characters into their passwords was Bill Burr. Mr Burr worked for the National Institute of Standards and Technology, and back in 2003 produced an eight-page document suggesting people protect their accounts by using passwords with obscure characters, capitals and numbers.

Recently, the now retired Mr Burr told the Wall Street Journal that he may have got it wrong. He now believes his advice, including a suggestion that people change their passwords every 90 days, has contributed to people creating passwords that are easily hacked.

Mr Burr believes that his advice steered everyday computer users toward lazy mistakes and easy-to-predict practices.

“Much of what I did I now regret,” Mr Burr said. “It just drives people bananas and they don’t pick good passwords no matter what you do,” he said.

The problem with the advice is that most people use the same tricks of replacing letters with numbers or special characters. Hackers are able to target those specific weaknesses and build algorithms based on these preferences, allowing them to crack the code in a short time frame.
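As an added illustration (not part of the original article), the Python check below shows the point from the side of a site vetting new passwords: strings that satisfy a rule demanding capitals, numbers and special characters still reduce to a common word once the usual swaps and trailing padding are undone. The word list, substitution table and sample passwords are constructed for this example.

```python
import re

# Constructed sample blocklist (assumption); a real check would load a large list.
COMMON_WORDS = {"password", "welcome", "letmein", "dragon", "monkey", "sunshine"}

# Frequently used swaps, mapped back to the letter they stand in for (constructed table).
SUBSTITUTIONS = str.maketrans(
    {"@": "a", "4": "a", "3": "e", "1": "i", "!": "i",
     "0": "o", "$": "s", "5": "s", "7": "t"}
)

def meets_composition_rules(pw):
    """Composition rule: 8+ characters with lower, upper, digit and special."""
    return (len(pw) >= 8
            and re.search(r"[a-z]", pw) is not None
            and re.search(r"[A-Z]", pw) is not None
            and re.search(r"\d", pw) is not None
            and re.search(r"[^A-Za-z0-9]", pw) is not None)

def predictable_base(pw):
    """Return the common word hiding under swaps and trailing padding, or None."""
    lowered = pw.lower()
    for k in range(len(lowered), 0, -1):
        # Only digits/symbols may be peeled off the end (e.g. '1!' or '!2017').
        if not re.fullmatch(r"[\d\W_]*", lowered[k:]):
            break
        candidate = lowered[:k].translate(SUBSTITUTIONS)
        if candidate in COMMON_WORDS:
            return candidate
    return None

def review(pw):
    """Report whether the rule is satisfied and which common word, if any, remains."""
    return {"passes_rules": meets_composition_rules(pw),
            "base_word": predictable_base(pw)}

if __name__ == "__main__":
    # Constructed sample passwords.
    for sample in ["P@ssw0rd1!", "W3lcome!2017", "Sunshin3!",
                   "orbit lantern quilt maple"]:
        print(f"{sample!r:32} {review(sample)}")
```

The first three samples pass the composition rule and are still flagged, while the last fails the rule yet has no common word underneath it.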


Written by Ben

