(One of these passwords fits the guidelines currently in use; the other is actually more secure and easier to remember)


Bill Burr would like to apologize. A now-retired manager at the National Institute of Standards and Technology, he wrote an eight-page guide to creating a good password, suggesting it should be a mix of letters, numbers and miscellaneous characters that few people ever remember without prompts -- or without clicking "forgot password" all the time. Yeah, Bill did that. So when you curse at a sign-in page because you can't figure out your password, or whether it's a capital "Y" or a lowercase "i," you're cursing Bill in a roundabout way.

Poor guy.

He explained to the Wall Street Journal (paywall) that he wrote his guidelines in 2003 based on a white paper from the '80s, before the internet was even really a thing. And the math doesn't add up either. It's actually a lot easier to crack a shorter password -- even with all the special characters -- than it is to crack a password built from a string of words. Example: "My horse dances on tables" is a good password. It's easier for you to remember than "kg^Fytbb254@", for example (not my password, don't even bother), and it's also far more secure. According to this Gizmodo article, it would take a computer three days to crack the shorter password with the special characters, but years to crack the string of words.

In other words, the passwords we use are very hard for humans to remember, but they are easy for computers to figure out. Oops.
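As an added example (not from the post, NIST or the Gizmodo article), here is a small Python estimate of the two attack models behind that comparison: character-by-character brute force, where the 25-character phrase wins by a wide margin, and a word-list attack that guesses whole words, where the margin depends on how large a vocabulary the attacker assumes the words came from. The guess rate and both dictionary sizes are assumptions, so the years printed will not match the article's figures, which depend on the hash and hardware it assumed.

```python
import math
import string

# Sample passwords constructed from the post's own comparison.
COMPLEX_PW = "kg^Fytbb254@"
PASSPHRASE = "My horse dances on tables"

def charset_size(pw: str) -> int:
    """Alphabet a character-by-character attacker must cover, inferred from
    the classes present (lower, upper, digits, ASCII symbols, space)."""
    size = 0
    if any(c.islower() for c in pw):
        size += 26
    if any(c.isupper() for c in pw):
        size += 26
    if any(c.isdigit() for c in pw):
        size += 10
    if any(c in string.punctuation for c in pw):
        size += len(string.punctuation)  # 32 ASCII symbols
    if " " in pw:
        size += 1
    return size

def brute_force_bits(pw: str) -> float:
    """Search space in bits if every string over that alphabet is tried."""
    return len(pw) * math.log2(charset_size(pw))

def wordlist_bits(pw: str, dictionary_size: int) -> float:
    """Search space if the attacker knows the phrase is whole words from a list
    of dictionary_size entries and guesses word combinations, not characters."""
    return len(pw.split()) * math.log2(dictionary_size)

def conservative_bits(pw: str, dictionary_size: int) -> float:
    """Defender's estimate: assume the attacker uses whichever model is cheaper."""
    bits = brute_force_bits(pw)
    if len(pw.split()) > 1:
        bits = min(bits, wordlist_bits(pw, dictionary_size))
    return bits

def years_to_exhaust(bits: float, guesses_per_second: float) -> float:
    """Worst-case years to try the whole space at a constant guess rate."""
    return 2 ** bits / guesses_per_second / (365 * 24 * 3600)

if __name__ == "__main__":
    rate = 1e10  # assumed offline guess rate; the hash and hardware set the real one
    for pw in (COMPLEX_PW, PASSPHRASE):
        for dict_size in (7776, 100_000):  # diceware list vs rough English vocabulary
            bits = conservative_bits(pw, dict_size)
            print(f"{pw!r:28} dict={dict_size:>6}: {bits:5.1f} bits, "
                  f"{years_to_exhaust(bits, rate):.3g} years")
```

Under the word-list model the lever is the number of words, since each one adds a fixed number of bits, which is the post's length-over-symbols point in numbers: five words from a small list score below the 12-character password, five from a full English vocabulary score above it.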

We know this now, since we know a lot more about information security. But changing the way we do passwords is likely to take a while.
