Password Security Advice Is Now Viewed As Incorrect

August 9, 2017

© Jakub Jirsák | Dreamstime

It happens about every 90 days: you have to come up with a new computer password. It must contain at least a number and a special character (such as a !). That has been standard practice for all government and most business computer terminals, but it appears it is not the most secure way to keep hackers out.

The practice of using letters, numbers and special characters dates back to 2003, when Bill Burr worked for the National Institute of Standards and Technology. In a report he wrote, he urged people to add exclamation points, dollar signs and the like to their passwords and to change them every 90 days or so. But after a decade of relentless password changes and attacks from scammers, the retired government worker says his report was wrong. A new report from the National Institute of Standards and Technology says it is better to use a long, easy-to-remember string of words and to change your password only if security has been breached.

Bolstering this new policy is how quickly hackers can crack passwords built on common substitutions, such as using zeros for the letter O and capitalizing the first letter of a password. For example, the password Tr0u3!# (where the T is capitalized, a zero is substituted for the o, a 3 for the first b and a hashtag for the second b, the hashtag being the 3 key with the shift button pressed) can be deciphered in about three days, while "trouble is my two year olds uncle living in Paris Texas with a whale" would take about 550 years to decipher. The new policy encourages longer passwords, which take longer to break.

To his credit, Burr owns up to his misguided advice; however, many are cutting him some slack, as he had very little information to work with back in 2003. Although many people use password managers to generate their various passwords, your master password should now be a long, easy-to-remember string of words.
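As an added illustration (not code from the article, The Verge or NIST) of why the long phrase above costs an attacker vastly more guesses than the substituted password, the script below scores each under the attacker model that fits its style: a per-position character-class mask for the short password and word-sequence guessing for the phrase. The 33-symbol class size and the 7776-word dictionary (the Diceware list size) are assumptions.

```python
import math

# Added illustration, not code from the article or from NIST. Character
# class sizes are assumptions (33 printable ASCII symbols).
CLASS_SIZE = {"upper": 26, "lower": 26, "digit": 10, "symbol": 33}


def char_class(ch):
    """Map one character to the class a mask attack would assign it."""
    if ch.isupper():
        return "upper"
    if ch.islower():
        return "lower"
    if ch.isdigit():
        return "digit"
    return "symbol"


def mask_keyspace(password):
    """Candidates an attacker must try when guessing per-position
    character classes (the usual way composition-rule passwords are
    attacked): the product of the class size at each position."""
    n = 1
    for ch in password:
        n *= CLASS_SIZE[char_class(ch)]
    return n


def passphrase_keyspace(phrase, dictionary_size):
    """Candidates when the attacker knows the phrase is built from
    ordinary words and tries every sequence of that many words drawn
    from a dictionary of dictionary_size entries."""
    return dictionary_size ** len(phrase.split())


def bits(keyspace):
    """Search space expressed as bits of entropy."""
    return math.log2(keyspace)


def compare(password, phrase, dictionary_size=7776):
    """Strength of both styles under their own attacker model, plus how
    many times more guesses the passphrase costs."""
    short = mask_keyspace(password)
    long_ = passphrase_keyspace(phrase, dictionary_size)
    return {"password_bits": bits(short), "phrase_bits": bits(long_),
            "ratio": long_ / short}


if __name__ == "__main__":
    # The article's own two examples; 7776 is an assumed attacker dictionary.
    result = compare("Tr0u3!#", "trouble is my two year olds uncle living in "
                                "Paris Texas with a whale")
    for key, value in result.items():
        print(f"{key}: {value:.1f}")
```

The absolute crack times depend on the attacker's guess rate, which the article does not state, so the script reports search-space size rather than days or years.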

SOURCE: The Verge

