You Heard It Here First: The Man Who Wrote Those Pesky Password Rules Now Says ‘S0r^Y’

By Jeremy Del Nero on 10 August 2017

A few months after the National Institute of Standards and Technology issued a draft of new password guidelines that argued against periodic password changes and imposed password complexity, Bill Burr, the man responsible for those complex rules, recanted.

“Much of what I did I now regret,” he told the Wall Street Journal when interviewed about his work.

As a manager at NIST in 2003, Burr wrote the eight-page document that became the gold standard for password management. It recommended substituting non-alphabetic characters and numbers for a few letters, yielding passwords that look more like “pA$sw0rd!s.” To add insult to injury, the document he authored recommended frequent password changes, as often as every 90 days.

Resembling a flock of sheep, large corporations, government agencies, and universities followed. However, it turns out that Burr wasn’t really a password expert; rather, he had just been assigned the task of writing “NIST Special Publication 800-63. Appendix A.” The only benefit that likely accrued from Burr’s work was for software engineers, who wrote programs and code that enforced the arbitrary rules.

Jonathan Spira, Frequent Business Traveler’s editorial director and a former tech industry analyst, has long advocated pass phrases (words grouped together without any spaces, such as “mycomputerisonlinenow”) as being far more secure than something more along the lines of “se!cur1tYpA$s.”

As it turns out, millions of people didn’t follow Burr’s advice when it came to personal accounts on the Internet. This is why “123456,” “baseball,” and, yes, “password” are typically on the list of the most used passwords gleaned from hacked file dumps.

The new guidelines, announced in April and released in June, will take time to trickle down to most users, but in the meantime, tAk3 C0mf0rT 1n Kn0w1nG tHa^ the password “password” wasn’t that much worse than “pA$sw0rd16” after all.
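The article's closing comparison, as an added example (not code from the article or from NIST): a composition-rule check run beside a check that undoes common character substitutions and rejects anything containing a common password. The substitution map, the minimum length of 8 and the function names are assumptions; the blocklist is constructed from the three passwords the article names.

```python
# Added example: composition rules versus a substitution-aware blocklist check.
import re

# Constructed blocklist: the three common passwords the article names.
COMMON = ("123456", "baseball", "password")

# Assumed map for undoing typical character-for-letter swaps.
UNLEET = str.maketrans({"$": "s", "5": "s", "0": "o", "1": "i", "!": "i",
                        "3": "e", "4": "a", "@": "a", "7": "t"})
MIN_LENGTH = 8  # assumed minimum length for both checks


def old_style_ok(pw: str) -> bool:
    """Composition rule: minimum length plus upper, lower, digit and symbol."""
    classes = (r"[A-Z]", r"[a-z]", r"[0-9]", r"[^A-Za-z0-9]")
    return len(pw) >= MIN_LENGTH and all(re.search(c, pw) for c in classes)


def normalize(pw: str) -> str:
    """Lower-case the candidate and reverse the assumed substitutions."""
    return pw.lower().translate(UNLEET)


def blocklist_ok(pw: str) -> bool:
    """Reject short candidates and any that contain a common password,
    either as typed or after substitutions are undone."""
    if len(pw) < MIN_LENGTH:
        return False
    forms = (pw.lower(), normalize(pw))
    return not any(word in form for word in COMMON for form in forms)


def compare(pw: str) -> tuple:
    """Return (passes composition rule, passes blocklist check)."""
    return old_style_ok(pw), blocklist_ok(pw)


if __name__ == "__main__":
    for candidate in ("password", "pA$sw0rd16", "pA$sw0rd!s",
                      "mycomputerisonlinenow"):
        old, new = compare(candidate)
        print(f"{candidate!r:26} composition={old} blocklist={new}")
```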

(Photo: Accura Media Group)
