Password Guru Bill Burr's New Advice: Never Mind
Published: August 9, 2017
The man responsible for setting the guidelines for complex passwords says he regrets writing the advice, and acknowledged that it "drives people bananas."

Bill Burr was not a security expert when he wrote the guidelines for password security for the U.S. National Institute of Standards and Technology in 2003.

His guidelines, which suggested that passwords should be changed every three months and should include different characters, are still followed by many services.

They have resulted in password requirements now demanding upper and lower case letters as well as numbers and punctuation marks.

Speaking to the Wall Street Journal, the 72-year-old, who is now retired, said he now regrets "much of what I did".

He added: "It just drives people bananas and they don't pick good passwords no matter what you do."

The UK's National Cyber Security Centre's password guidance says that forcing users to change their passwords at regular intervals "imposes burdens on the user and carries no real benefits".

Mr. Burr says the guidelines were "probably too complicated for a lot of folks to understand very well, and the truth is, it was barking up the wrong tree".

He added that regularly changing passwords was mistaken advice, because most people only alter one character of their previous password, which does little to stop hackers.

Short passwords with random characters are much quicker for computers to crack than longer passwords or passphrases which are not as randomly composed.

© 2017 Sky News under contract with NewsEdge/Acquire Media. All rights reserved.
