We’ve all been thru setting up a password and told to use upper and lower case letters, special characters, symbols and numbers. They can be annoying and make passwords difficult to remember.
Well you have a man named Bill Burr to thank for this concept. In 2003 Bill was a manager at the National Institute of Standards and Technology (NIST). He created a guide on how to create secure passwords, known as the “NIST Special Publication 800-63. Appendix A.”
Ever since then software and websites have relied on the suggestions of this document to create secure passwords. The only trouble is that when Mr. Burr wrote this document he was not well versed in computer security practices. The core idea is that a short password made up of random characters and symbols would be much harder to break down than a short password that’s more human friendly. And while that does hold true, short random passwords are not as secure as once thought.
Even though Mr. Burr has admitted that he now regrets most of what he did, it’s not all his fault. Fifteen years ago, we all knew much less than what we know now about what it takes to crack passwords.
The best passwords are long passwords that can be easily remembered phrases instead of shorter passwords with a random use of characters.
- Example: P@55w0rd would take between 9 and 24 hours to brute force or solve.
- Example: MonkiesdrivecarsonThursdays would take 17 octillion years to brute force
While including upper and lower case, numbers and symbols can help secure a password, ultimately password length with a minor mixture of randomness creates the most secure passwords.
No matter how secure your passwords are it’s always a good idea to change them routinely (at least once a year). And using a more human-friendly long password will take some of the sting out of remembering all new passwords again.