+ry Ag@in!

Bill Burr wrote the book on password management.

Now, he’s got some regrets.

His 2003 report for the National Institute of Standards and Technology recommended using numbers, obscure characters and capital letters and updating passwords regularly.

More than a decade later, the biggest argument against Mr. Burr’s prescriptions: They haven’t worked well.

Hackers have stolen and posted online hundreds of millions of passwords. Those postings have given researchers the data they need to take a hard look at how people’s passwords fare against the tools hackers used to break them.

Their conclusion? While we may think our passwords are clever, they aren’t.

New guidelines from the NIST drop the password-expiration advice and the requirement for special characters. Those rules did little for security—they “actually had a negative impact on usability,” said Paul Grassi, an NIST standards-and-technology adviser.

