Published: Wed, August 09, 2017
Hi-Tech | By Grace Becker

The password king admits that 'p@ssw0rd1' is a bad password

In an 8-page guide, Bill Burr decreed that passwords should be made from unusual mixes of capital and lowercase letters, numbers, and symbols, and that they should be changed regularly. In what could be a prime case of "too little, too late", Burr now says that he's sorry for putting us all through password hell.

To be clear, the 8-page password advice he created while working in middle management at the National Institute of Standards and Technology is one of the leading reasons many current passwords can be such a pain to remember.

The document, "NIST Special Publication 800-63".

They now advise people to use long but easy-to-remember "passphrases", sequences of words that do not need to feature special characters or numbers. You can thank former National Institute of Standards and Technology manager Bill Burr, who came up with these rules back in 2003 when writing the password guidelines which many organisations now treat as gospel.

Gone is the advice to change your password every 90 days and the requirement for "obscure characters, capital letters and numbers".

Of course, as many experts and even Mr. Burr himself acknowledge, these security measures did not turn out as safe as expected.

Burr's original guidelines were published almost 15 years ago, when he worked at the National Institute of Standards and Technology. Complex passwords are hard to remember, they add, while users end up using the same one repeatedly on different websites, or writing them down on Post-it notes.

In the eight-page primer, Burr recommended that people use non-alphabetic symbols in passwords to make them hard to guess.

The guidance also addresses password length, suggesting users be required to pick one that is at least eight characters in length, while the system should support passwords at least 64 characters in length.

"In the end, it was probably too complicated for a lot of folks to understand very well, and the truth is, it was barking up the wrong tree", said the now retired 72-year-old Burr. Changing Pa55word!1 to Pa55word!2 doesn't keep the hackers at bay. They initially thought it would be a quick edit, but they ended up starting over from scratch. Instead, string a few words together, such as "bananamilkshakeisthebest".
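The policy change described above, as an added example (not code from the article or from NIST): a Python sketch that runs the passwords quoted in the article through composition rules and through the length-only rule, and flags the Pa55word!1 to Pa55word!2 style of forced change. The function names, the 8-character floor applied to the old rules, and the trailing-digit check are assumptions made for illustration.

```python
import re

MIN_LEN = 8         # minimum length users must pick (figure from the article)
MIN_SUPPORTED = 64  # systems should accept at least this many characters

def old_rules_ok(pw: str) -> bool:
    """Composition rules: upper, lower, digit and symbol all required.
    The 8-character floor here is an assumption for the comparison."""
    classes = (r"[A-Z]", r"[a-z]", r"[0-9]", r"[^A-Za-z0-9]")
    return len(pw) >= MIN_LEN and all(re.search(c, pw) for c in classes)

def new_rules_ok(pw: str, system_max: int = MIN_SUPPORTED) -> bool:
    """Length-only rule; system_max is the verifier's own upper limit."""
    if system_max < MIN_SUPPORTED:
        raise ValueError("verifier must accept at least 64 characters")
    return MIN_LEN <= len(pw) <= system_max

def _strip_counter(pw: str) -> str:
    # Drop trailing digits, the part users bump on a forced change.
    return pw.rstrip("0123456789")

def is_trivial_rotation(old: str, new: str) -> bool:
    """True when a 'changed' password differs only in its trailing digits."""
    return old != new and _strip_counter(old) == _strip_counter(new)

def report(samples):
    """Map each password to (passes old rules, passes new rules)."""
    return {pw: (old_rules_ok(pw), new_rules_ok(pw)) for pw in samples}

if __name__ == "__main__":
    # Sample passwords are the ones quoted in the article.
    samples = ["p@ssw0rd1", "Pa55word!1", "bananamilkshakeisthebest"]
    for pw, (old, new) in report(samples).items():
        print(f"{pw!r}: old rules={old}, new rules={new}")
    print("trivial rotation:", is_trivial_rotation("Pa55word!1", "Pa55word!2"))
```

The composition rules accept Pa55word!1 and its incremented successor while rejecting the 24-character passphrase, which is the outcome the revised guidance is meant to avoid.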
