by Graham Pierrepoint
We’ve all been there: when signing up for a new website or service, we are asked to come up with a complex password that adheres to a number of different rules. For some time, the biggest services have required us to compose security phrases of at least eight characters in length, and to make sure that we include upper case characters, symbols and numbers. In some cases, we may not even be able to put the same numbers or letters together twice, and it all gets confusing all too quickly. Now, it seems, there perhaps was never a need for such complexity, and the man who helped to popularize the idea of complex passwords has in fact made a public apology as a result.
The man in question is Bill Burr, who helped to shape guidelines for strong passwords back in 2003, and who had also advised us to change our passwords regularly to maximise security. For many of us, these habits are all too familiar and perhaps ingrained by now. Having taken time to reflect on this advice, however, Burr has confirmed that the idea of building a complex phrase that is changed regularly is ‘barking up the wrong tree’. “Much of what I did I now regret,” says Burr via the Wall Street Journal, admitting that there is in fact a completely different formula for strong passwords than the one he had previously advised.
It seems that the way to go nowadays, rather than simply offering jumbled-up letters and adhering to certain rules, is to create an extremely long password. This, it is thought, will help to deter hacking more than character randomization ever has. The advice is perhaps coming too late for those who have still lost accounts as a result of this supposedly secure method of password setup. Regardless, it perhaps now means that many of us looking to safeguard our accounts can do so with a different strategy: go for lengthier phrases rather than needlessly complex ones.
Some of the advice will stay the same, however: never use dates or names that people can guess, and never use the classic combination of ‘password’ with numbers. On top of this, anyone still using the same password for multiple sites will run the risk of seeing their accounts fall like dominoes if they are hacked, meaning some of the old tips will still be relevant even if a lot of the old advice has now been debunked.