May 7, 2021

Knews

Getting passwords that are right for you and your business

You probably haven’t heard of National Institute of Standards and Technology (NIST) Special Publication 800-63, Appendix A, but you have been living with its contents since your first online account and password. That appendix is where the familiar password rules came from: a mix of uppercase and lowercase letters, a number, and a special character, plus the recommendation to change your password every 90 days.

There is only one problem. Bill Burr, who originally wrote those policies, now thinks he blew it. “Most of what I did I regret,” Burr told the Wall Street Journal a few years ago.

Why? Because most people won’t bother to make a significant change when it’s time to update the password. Instead of picking something new, we go from “Abcdef1?” to “Abcdef1!” and then to “Abcdef.” and so on, and password-cracking tools are built to try exactly those small variations of a previously used password.

Because we hate these policies, we end up using completely lame passwords such as “123456” and “password” instead. Any ordinary cracking program breaks those in well under a second, since they sit at the top of every wordlist. You might as well not use a password at all.

And if you do it “right,” you end up with passwords that are too hard to remember. I can remember semi-arbitrary strings like xkcd936! EMC2; most people can’t.

Instead, both NIST and cartoonist Randall Munroe (of xkcd) have a better idea: use passphrases instead of passwords. A passphrase such as “ILoveUNCbasketballin2021!” is easy to remember, and even though it is made of real words, its length puts it far beyond what brute-force guessing can reach. The one thing to avoid is a phrase an attacker could predict, such as a famous quote or a song lyric; the strength comes from the phrase being long and your own.
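To make the two points above concrete, here is an added example (not code from the article, NIST, or any cracking tool) of what a cracker does with a password-rotation habit and why length matters. It runs a tiny rule-based guessing attack, the same idea hashcat and John the Ripper implement with rule files, against unsalted SHA-256 hashes of the passwords mentioned in the text, then compares the brute-force work for the 8-character “Abcdef1?” and the 25-character passphrase. The wordlist, the mangling rules, the symbol set, and the 1e10 guesses-per-second rate are all assumptions chosen for illustration; the hashes are constructed from the article’s own examples.

```python
import hashlib
import math

# Constructed sample data: the "leak" is just unsalted SHA-256 of the article's
# example passwords (many legacy systems really did store unsalted hashes).
def sha256_hex(s: str) -> str:
    return hashlib.sha256(s.encode("utf-8")).hexdigest()

# Hypothetical tiny wordlist: a few top entries from any leaked-password list
# plus one password the victim is known to have used before.
WORDLIST = ["123456", "password", "qwerty", "letmein", "Abcdef1?"]

# Assumed set of "special characters" people rotate through.
SYMBOLS = "!?.#$"


def mangle(base: str):
    """Yield the lazy variations of `base` that the article describes.

    A hand-written subset of a cracker's rule file: swap the trailing symbol,
    drop the digit or symbol, bump the trailing digit, append a symbol.
    """
    if not base:
        return
    yield base
    body, last = base[:-1], base[-1]
    if last in SYMBOLS:
        for sym in SYMBOLS:
            yield body + sym                       # Abcdef1? -> Abcdef1!
        yield body                                 # Abcdef1? -> Abcdef1
        if body and body[-1].isdigit():
            yield body[:-1] + str((int(body[-1]) + 1) % 10) + last  # Abcdef2?
            for sym in SYMBOLS:
                yield body[:-1] + sym              # Abcdef1? -> Abcdef.
    if last.isdigit():
        yield body + str((int(last) + 1) % 10)     # 123456 -> 123457
    for sym in SYMBOLS:
        yield base + sym                           # password -> password!


def crack(target_hex: str, wordlist=WORDLIST):
    """Try every mangled guess derived from the wordlist.

    Returns (plaintext, guesses_tried), or (None, guesses_tried) on failure.
    """
    guesses = 0
    for base in wordlist:
        for candidate in mangle(base):
            guesses += 1
            if sha256_hex(candidate) == target_hex:
                return candidate, guesses
    return None, guesses


def brute_force_bits(length: int, alphabet_size: int) -> float:
    """Bits of work to try every string of `length` over `alphabet_size`
    characters (94 = printable ASCII). For a passphrase this is an upper
    bound: an attacker guessing word by word from a phrase list does less."""
    return length * math.log2(alphabet_size)


def years_to_exhaust(bits: float, guesses_per_second: float = 1e10) -> float:
    """Years to exhaust a keyspace of `bits` at an assumed guessing rate
    (1e10/s is a plausible GPU rig against unsalted SHA-256)."""
    return 2 ** bits / guesses_per_second / (365 * 24 * 3600)


if __name__ == "__main__":
    samples = ["123456", "password", "Abcdef1!", "Abcdef.",
               "ILoveUNCbasketballin2021!"]
    for pw in samples:
        found, n = crack(sha256_hex(pw))
        print(f"{pw:28} -> {found!r} after {n} guesses")
    for pw in ["Abcdef1?", "ILoveUNCbasketballin2021!"]:
        bits = brute_force_bits(len(pw), 94)
        print(f"{pw:28} {bits:6.1f} bits, ~{years_to_exhaust(bits):.3g} years")
```

The rotated “Abcdef1!” and the shortened “Abcdef.” both fall within a couple of dozen guesses because they are derived from a password the attacker already has, while “123456” is the very first guess. The passphrase never appears in the mangled wordlist, and its character-level keyspace is astronomically larger than the 8-character password’s, which exhausts in days at the assumed rate. The caveat in `brute_force_bits` is the important one: a passphrase lifted from a famous quote or lyric is a wordlist entry, not 160 bits of work.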

Copyright © 2021 IDG Communications, Inc.