This gave me pause: the now-retired Bill Burr, a former National Institute of Standards and Technology manager, told the Wall Street Journal that he regrets his previous advice on how to create a password.
The Verge reports:
“The problem wasn’t that Burr was advising people to make passwords that are inherently easy to crack, but that his advice steered everyday computer users toward lazy mistakes and easy-to-predict practices. Burr’s eight-page password document, titled “NIST Special Publication 800-63. Appendix A,” advised people to use irregular capitalization, special characters, and at least one numeral. That might result in a password like “P@ssW0rd123!” While that may make it seem secure on the surface (neglecting, of course, that “password” is a bad password), the issue is that most people tend to use the same exact techniques when crafting these digital combo locks. That results in strings of characters and numbers that hackers could easily predict and algorithms that specifically target those weaknesses.”
Interestingly, in 2011, xkcd’s Randall Munroe saw this problem and created that cartoon above.
Tl;dr: Use a string of memorable plain language phrases to create your passwords.
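To show why the decorations in “P@ssW0rd123!” add so little, here is a small password-screening check of the kind a sign-up form could run. It is an added example, not code from the article or from NIST. The blocklist, the substitution table, the sample passphrase and the function names are all constructed for illustration.

```python
import re

# Constructed sample blocklist (assumption); a real deployment would load a
# large list of common and breached passwords instead.
COMMON_BASE_WORDS = {"password", "welcome", "letmein", "dragon", "monkey"}

# Substitutions people commonly use to satisfy composition rules (constructed).
LEET_MAP = str.maketrans({"@": "a", "4": "a", "0": "o", "1": "l", "!": "i",
                          "3": "e", "$": "s", "5": "s", "7": "t"})


def normalize(candidate: str) -> str:
    """Undo the predictable decorations: case, trailing digits/symbols, swaps."""
    lowered = candidate.lower()
    # Drop the run of digits and punctuation that rules tend to push to the end.
    stripped = re.sub(r"[\d\W_]+$", "", lowered)
    return stripped.translate(LEET_MAP)


def screen_password(candidate: str, min_length: int = 8):
    """Return (accepted, reason) for a proposed password."""
    if len(candidate) < min_length:
        return False, "too short"
    # Check with and without suffix stripping so 'pa$$word' is caught as well.
    variants = {normalize(candidate), candidate.lower().translate(LEET_MAP)}
    hit = variants & COMMON_BASE_WORDS
    if hit:
        return False, f"decorated form of common word '{sorted(hit)[0]}'"
    return True, "ok"


if __name__ == "__main__":
    for sample in ("P@ssW0rd123!", "W3lc0me!", "lantern orbit velvet cactus"):
        print(f"{sample!r}: {screen_password(sample)}")
```

The first two samples satisfy the old capitalization, symbol and numeral rules and are still rejected, while the plain-language passphrase passes.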