“The security expert who wrote widely accepted advice in 2003 about online passwords—use special characters and change the passwords regularly—now acknowledges that he misfired. “Much of what I did I now regret,” Bill Burr, who is 72 and retired from the National Institute of Standards and Technology, tells the Wall Street Journal.”
For those not in the know: this isn’t really anything new to those of us in the technology world. What makes this news is that the man who created our current “standard” is now admitting he got it wrong.
For years, many security experts have suggested using pass “phrases” instead of some weird conglomeration of upper case, lower case, numbers and special characters.
Take this for example: let’s say your password was something like DMichael96. According to https://howsecureismypassword.net/ it would only take 8 months to crack that one wide open. But if we used “themanonthemooniswalkingoncheese” it would take 2 octillion years. That’s right, a 2 with 27 zeros after it (an octillion is 10 to the 27th power).
Besides, a phrase like that is much easier to remember than some convoluted password like “5J4kRZqPYT5x”.
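To see why length outweighs character variety, here is an added example (not from the original post, and not the algorithm the site above uses) that estimates the brute-force search space of the three passwords mentioned. The guess rate and the 7776-word list size are assumptions chosen for illustration, so the figures will not match the site's.

```python
import math
import string

# Assumption: offline attacker speed in guesses per second (illustrative only).
GUESSES_PER_SECOND = 1e10
SECONDS_PER_YEAR = 365.25 * 24 * 3600

def charset_size(password):
    """Alphabet a brute-force attacker must cover, from the classes present."""
    classes = (string.ascii_lowercase, string.ascii_uppercase,
               string.digits, string.punctuation)
    return sum(len(cls) for cls in classes
               if any(ch in cls for ch in password))

def brute_force_bits(password):
    """Bits of search space if each character were picked uniformly at random."""
    return len(password) * math.log2(charset_size(password))

def wordlist_bits(num_words, wordlist_size):
    """Bits of search space for words drawn at random from a known word list."""
    return num_words * math.log2(wordlist_size)

def years_to_exhaust(bits, rate=GUESSES_PER_SECOND):
    """Years needed to try every candidate at the assumed guess rate."""
    return 2 ** bits / rate / SECONDS_PER_YEAR

def report(password):
    bits = brute_force_bits(password)
    return (f"{password}: {len(password)} chars, alphabet {charset_size(password)}, "
            f"{bits:.1f} bits, {years_to_exhaust(bits):.3g} years")

if __name__ == "__main__":
    for pw in ("DMichael96", "5J4kRZqPYT5x", "themanonthemooniswalkingoncheese"):
        print(report(pw))
    # A dictionary-aware attacker guesses whole words, not characters.
    # Assumption: 9 words drawn at random from a 7776-word list. A grammatical
    # sentence is more predictable than random words, so this is an upper bound.
    bits = wordlist_bits(9, 7776)
    print(f"as 9 random words: {bits:.1f} bits, {years_to_exhaust(bits):.3g} years")
```

The character-level figure is what a pure brute-force estimate reports; the word-level figure is the more realistic ceiling for a passphrase built from dictionary words, and it still exceeds both shorter passwords.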
Now we just have to wait for developers to change the way we log in. As it stands, many websites limit the number of characters you may enter for a password. I even have one system where the OS allows you to set the password length to what you want, but the field where you enter your password only allows for 8 characters. Weird.
In the meantime, I recommend you don’t use your kids’ initials and their birth date or your dog’s name. Instead, use strong passwords and a password manager to help you manage all of these passwords. I personally use LastPass. I have hundreds of passwords; there is no way I could remember them all.
Using a password manager helps you use a different password for each site you log on to. This makes your online life much more secure. Most people don’t think much about it, but if you use the same password everywhere and a hacker hacks that book of the month club you belong to, they can now quite quickly attempt to log into every bank and credit card company in the world and get into your account.
Visit https://howsecureismypassword.net/ to test your password. You will be surprised by the results.