Don't you just hate typing a unique password that includes a capital letter, a number, and a symbol? Then the computer tells you it's not strong enough? Don't you hate having dozens of passwords that you cannot remember? How would you feel if you knew doing all that was useless and didn't have to be done that way after all?
CBS aired a report on Wednesday, August 9 about creating passwords. The password guru who told us to create passwords that way confessed he was wrong. The guidelines he advised and used himself were not valid, and the rules for passwords have been revised.
Wrong advice
Bill Burr wrote the official guidelines for government employees over fourteen years ago. He now apologizes for giving the wrong information. He has learned that what he told people about passwords was the opposite of what they should have been told. Using a password with a capital letter, symbols, and a number is easier for people to hack than a phrase or a short sentence that the user can remember. In other words, TODAYISTHURSDAY is much better than 723&3T4!*G$#ET3425 and certainly is easier to remember.
New recommendations
People were advised to use upper- and lower-case letters and to use different passwords on every website and for every account. Experts have lived by these rules. However, that advice has been all wrong.
In fact, the password guidelines often invite hackers instead of making it hard to figure out passwords based on those rules. Those complex passwords also lead to security risks.
The author of the guidelines for computer passwords says he now regrets some of the tips he gave. It is more effective to use long passwords that are phrases or something you can remember than to use lots of funny characters.
Burr is now retired, but a couple of months ago, he helped rewrite the guidelines.
Burr says changing your passwords too often may harm security instead of improving it. The revised guidelines no longer suggest that computer users should change passwords frequently. That's because people usually make only minor changes to their already-existing passwords.
For instance, they may change "elephant1" to "elephant2," which makes it easy for hackers to figure out.
According to the Daily Mail, longer passwords with at least four words in a phrase or sentence are much safer because they are harder to crack than a shorter combination of letters, numbers, and symbols. An example was given that it would take more than 500 years to crack "correcthorsebatterystaple." On the other hand, a password such as "Tr0ub5dor&4," which was once thought to be safe, could actually be hacked in as few as three days. A sentence or phrase is safer because while it might make sense to the user, it will not make sense to a hacker.
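Where figures like "more than 500 years" and "three days" can come from, as an added example that is not part of the original article: a search-space estimate for four random words versus one decorated word. The guessing rate, the word-list size and the per-step option counts are assumptions, none of which the article states.

```python
import math

# Assumptions (not stated in the article): 1,000 guesses per second,
# a 2,048-word list, and words picked at random rather than by the user.
GUESSES_PER_SECOND = 1000
WORDLIST_SIZE = 2048
SECONDS_PER_DAY = 24 * 3600


def passphrase_bits(word_count, wordlist_size=WORDLIST_SIZE):
    """Entropy in bits of word_count words drawn at random from the list."""
    return word_count * math.log2(wordlist_size)


def pattern_bits(choices_per_step):
    """Entropy in bits of a password built from independent choices."""
    return sum(math.log2(n) for n in choices_per_step.values())


def days_to_exhaust(bits, rate=GUESSES_PER_SECOND):
    """Days needed to try every candidate in a 2**bits search space."""
    return 2 ** bits / rate / SECONDS_PER_DAY


# Constructed model of a "word plus decorations" password such as the
# article's "Tr0ub5dor&4": each value is the number of options at that step.
DECORATED_WORD = {
    "uncommon dictionary word": 65536,
    "capitalise first letter or not": 2,
    "common letter-to-digit swaps": 8,
    "punctuation mark": 16,
    "digit": 8,
    "order of punctuation and digit": 2,
}


def compare():
    """Return (bits, days) for the four-word phrase and the decorated word."""
    phrase = passphrase_bits(4)
    decorated = pattern_bits(DECORATED_WORD)
    return {
        "four random words": (phrase, days_to_exhaust(phrase)),
        "decorated word": (decorated, days_to_exhaust(decorated)),
    }


if __name__ == "__main__":
    for label, (bits, days) in compare().items():
        print(f"{label}: {bits:.0f} bits, {days:,.0f} days ({days / 365:,.1f} years)")
```

The 16-bit gap between the two results means the four-word phrase has 65,536 times as many candidates to try, and the estimate holds only when the words are picked at random.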