Thank you!

We have emailed you a PDF version of the article you requested.

Can't find the email?

Please check your spam or junk folder

IFLScience Home
IFLScience logo

"Your Password Doesn't Need To Be So Complicated"

Complete the form below and we will email you a PDF version

You can unsubscribe at any time. View ourprivacy policy and terms below.

IFLScience needs the contact information you provide to us to contact you about our products and services. You may unsubscribe from these communications at any time.

For information on how to unsubscribe, as well as our privacy practices and commitment to protecting your privacy, check out ourPrivacy Policy

Advertisement

technologyTechnology
clockPUBLISHED

Your Password Doesn't Need To Be So Complicated

author

Jonathan O'Callaghan

author

Jonathan O'Callaghan

Senior Staff Writer

BookView full profile

BookRead IFLScience Editorial Policy

Senior Staff Writer

kpatyhka/Shutterstock

Your password is probably some complicated arrangement of letters, numbers, and punctuation. Well, it doesn’t need to be, and the guy who came up with those rules is sorry.

That guy is Bill Burr, 72, who in 2003 was a midlevel manager at the National Institute of Standards and Technology. Now retired, he was asked back then to come up with a set of guidelines on how to make passwords.

Advertisement

Called “NIST Special Publication 800-63. Appendix A,” it included suggestions such as changing your password every 90 days, and also using a variety of characters. Those guidelines became the cornerstone of a lot of websites, which is why you’re often prompted to increase the complexity of your password.

Burr, however, was wrong. “Much of what I did I now regret,” he told the Wall Street Journal.

The problem was that he didn’t have enough data on what sort of passwords were successful. So his research led him to believe this was the best course of action.

“In the end, it was probably too complicated for a lot of folks to understand very well, and the truth is, it was barking up the wrong tree,” he said.

Advertisement

So what should you do? Well, the most secure passwords do not rely on complexity. Instead, length is the best way to make them less easy to hack.

As explained in the XKCD comic below, a password like “Tr0ub4dor&3”, which adheres to Burr’s original guidelines, would take just three days to crack and is hard to remember. Conversely, four random words like “correct horse battery stable” is not only easy to remember, it would take 500 years for computers to break.

Credit: Randall Munroe/XKCD

What’s more, recent spates of hacking have highlighted that people are not as original as they think. Data leaks from places like Yahoo and LinkedIn have shown that people often opt for fairly similar passwords.

Thankfully, the rules have been changed. In June, a new group at the NIST rewrote the guidelines, which dropped the 90-day expiration advice and also the requirement for special characters. Hopefully these will be adopted in the not too distant future, so that websites can stop asking us for a bunch of random characters.

Advertisement

Basically, strings of words or easy-to-remember phrases are the way forwards. Now go forth and change your passwords. We’ll wait.

ARTICLE POSTED IN

technologyTechnology
  • tag

  • password,

  • internet security,

  • website,

  • xkcd

FOLLOW ONNEWSGoogele News

technology

More Technology Stories

World's Largest Nuclear Fusion Reactor Opens In JapanThe photo show a bit cylindical structure with many pipes withing a hangar. Sevealr plaftorms are located around it
technologyTechnology

World's Largest Nuclear Fusion Reactor Opens In Japan

clock3 days ago
comments9
share210
Russia’s Military Dolphins May Have Escaped And Gone On The LamIllustration of a dolphin leaping over a barbed wire fence at sunset
technologyTechnology

Russia’s Military Dolphins May Have Escaped And Gone On The Lam

clock4 days ago
comments3
share280
Why Do Airplanes Have Rounded Windows?Airplane window. Mountain and clouds view
technologyTechnology

Why Do Airplanes Have Rounded Windows?

clock4 days ago
comments1
share66