Man Who Recommended Complex Passwords Admits He Was Dead Wrong


Fourteen years ago, Bill Burr advised people to create passwords that combine alphanumeric and special characters for better security. Now retired, he has realized that his advice on password creation was incorrect and not as safe as he thought it would be. Instead, the pattern he suggested actually makes passwords easier to hack.

Bill Burr was a manager at the U.S. National Institute of Standards and Technology (NIST) when he authored a guide on how to protect computers and digital accounts with what he believed to be hard-to-guess passwords.

He has now admitted that the guidelines he first published in 2003 were incorrect, as they led users to create passwords that could easily be cracked by hackers, such as Chart123@!. He also recommended changing the password every ninety days, and most users complied by making just one small substitution so that the new password would be easy to remember.

Burr admits that the pattern he recommended is hard for humans to remember but easy for the computer to guess. The combination he suggested made computers less secure, as the user would end up using some pattern that was easy to remember, and generally applied a simple algorithm to change it each time.

Hackers can easily work out the patterns users follow and build them into their scripts. Even if the user picks a random number in the middle, it will hardly help, as hackers often use brute-force cyber attacks, in which a computer cycles through every possible combination of characters to guess a password.
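The habits described above (one word dressed up with look-alike characters plus a short tail of digits and symbols, then a one-character tweak at each forced change) can be caught on the defender's side at password-change time. The following is an added example, not part of the original article or of any NIST guidance; the function names, the substitution table, and the length thresholds are assumptions chosen for illustration, and the check assumes the change form supplies both the current and the new password.

```python
import re

# Constructed table of common look-alike substitutions (assumption, not exhaustive).
LEET = str.maketrans("013457@$", "oleastas")


def split_core_suffix(password):
    """Split a password into (core, suffix); suffix is the trailing run of non-letters."""
    m = re.match(r"^(.*[A-Za-z])?([^A-Za-z]*)$", password, re.S)
    return (m.group(1) or ""), m.group(2)


def skeleton(password):
    """Reduce a password to the base word a user is likely remembering."""
    core, _ = split_core_suffix(password)
    return core.lower().translate(LEET)


def follows_composition_pattern(password):
    """Heuristic: a single word followed by a short tail of digits and symbols."""
    _, suffix = split_core_suffix(password)
    base = skeleton(password)
    return base.isalpha() and len(base) >= 3 and 1 <= len(suffix) <= 6


def is_trivial_rotation(old, new):
    """True when the new password keeps the old base word and only the dressing changes."""
    base = skeleton(old)
    return len(base) >= 3 and base == skeleton(new)


if __name__ == "__main__":
    # Constructed sample inputs, using the passwords quoted in the article.
    for pw in ("Chart123@!", "Tr0ub4dor&3", "correcthorsebatterystaple"):
        print(pw, "-> pattern" if follows_composition_pattern(pw) else "-> no pattern")
    print(is_trivial_rotation("Chart123@!", "Chart124@!"))  # same base word reused
```
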

Cartoonist Randall Munroe found it would take 550 years to crack ‘correcthorsebatterystaple’, whereas the password ‘Tr0ub4dor&3’ – which was previously considered strong by Mr Burr’s calculations – could be hacked in three days.

Recent findings by experts say that long passwords or simple four-letter passwords are much harder to crack than those with mixed characters and numbers.

Experts now advise users to use long or short, but easy-to-remember “passphrases”: sequences of words that do not need to feature special characters or numbers.
