To Burr's credit, 12 truly random mixed-case alphanumeric and non-alphanumeric characters that change every three months is normally secure. Passwords like "Blue chocolate is good" or "bigfluffycrazydog" are actually stronger than one's like "tR0u8b1e" because they are both harder to hack and easier to remember. So, after millions of people have struggled in password chaos, it’s a new day. More: Personality assessments can help teams work better together Stuck to a user's monitor or keyboard for anyone to view, Burr's strong passwords become useless. To make matters worse, Burr's "un-memorizable" super complex passwords that must change every 90 days have caused a virtual epidemic of Post-It-Notes with passwords written down on them. Hackers have quickly caught on to this and can now crack a Burr-styled password in less than three days. Because they are so hard to remember, users have tended to choose a common word and just switch out a "0 for an o" and a for an a" and so on. With the benefit of hindsight, Burr says, "It's probably better to do fairly long passwords that are phrases or something like that, that you can remember, than to try to get people to do lots of funny characters."Īs hackers' skills have advanced, Burr's version of the strong password has become easier to crack. In a recent interview in The Wall Street Journal, Burr said he now regrets making his strong password recommendations. On the strength of his recommendation that secure passwords must contain a mix of numeric, non-alphanumeric and mixed case letters, Burr became known as "the father of strong passwords." So instead of your dog's name, or your phone number, Burr's idea of a "strong password" was adopted by governments and companies worldwide. Appendix A,” Burr advised that all passwords should be a string of random characters and that they should be changed every 90 days. Back in 2003 while working at the National Institute of Standards and Technology, a guy named Bill Burr published a document that changed the world.
0 Comments
Leave a Reply. |