You might want to change your passwords: Here's why

The man responsible for most of your password headaches was wrong, and he's sorry

All of the advice you have received for more than a decade about creating passwords is wrong, according to the guy who wrote the rulebook on passwords.

"The effect of the advice that I gave on passwords ... it wasn't what I had intended, and it tends to drive people insane", Burr, 72, told As It Happens guest host Rosemary Barton.

Mr Burr, author of "NIST Special Publication 800-63".

Changing a password frequently does not help because most people make only minor tweaks, such as replacing the number 1 with a number 2.

The 72-year-old outlined what has become password gospel while working for the National Institute of Standards and Technology in 2003.

The new guidelines will drop not only the password expiration advice, but also a requirement for using special characters, Grassi noted, while adding they "actually had a negative impact on usability".

"In the end, it was probably too complicated for a lot of folks to understand very well", Burr says.

String a few words together: Choosing a longer password does not mean you must use a word that has more characters. People often change just one character of their password if the platform allows it, completely defeating the purpose of the requirement in the first place.

"I'm sure that in your experience you've found that changing them often is a real problem", says David Gerhard, a professor of computer science at the University of Regina. We hope that with more publicity about how risky it is to use weak passwords, more people will take steps to strengthen their passwords and, most importantly, use different passwords for different websites.

In the paper, Burr recommended that in creating passwords, people should use tricks like random capitalization and special characters.

The guidance also addresses password length, suggesting users be required to pick one that is at least eight characters in length, while the system should support passwords at least 64 characters in length.

We have all heard the recommendations: Use complicated passwords. He had asked NIST's computer security experts for passwords as a case study, but they did not comply.

"Widely regarded as unsecure, passwords and PIN numbers are becoming a thing of the past as they can be copied, stolen, guessed or shared easily".

London-based IT security expert Kevin Wharram said: 'You shouldn't have to keep changing your password'.

It's tough to create a good, secure password.

And you're supposed to change it every 90 days.
