Have you been designing that perfect password to safeguard your online data? Most probably your answer would be ‘yes’! Considering all the painstaking effort you have put into creating the most secure digital locks, using a series of permutations and combinations, you may just wish to twist your own ears for spending your time and energy on it.
The gentleman who laid down the overwhelming password requirements for protecting your email accounts, online banking portals and the several login pages that you use daily now admits that these standards are useless. Mr. Bill Burr, a former manager at the National Institute of Standards and Technology (NIST), drafted a guide in 2003 on how to construct secure passwords ingeniously. Fourteen years down the line, hearing him say that all those special characters, and the severe brain racking needed to evolve a unique code to protect all your online work, were baseless sweeps me off my feet.
Now a retired bureaucrat aged 72, the original author apologizes to the entire internet fraternity for laying down such rules in the manual. In fact, the man himself confided to the Wall Street Journal recently that his research around passwords came to him even before the web world was invented. He admitted that “In the end, the list of guidelines was probably too complicated for a lot of folks to understand very well, and the truth is, it was barking up the wrong tree” and stated that he now regrets its enforcement. His mighty disclosure may disappoint you and set you thinking about how you struggled to remember and type complicated passwords that combined upper case and lower case letters and numbers, sometimes with special characters. For instance, recollect whether you have ever worked out strange password combinations like “in@terNet”. Bill reiterates that such maths does nothing more than complicate and challenge your memory. Similarly, his suggestion in the manual to change passwords frequently did little to safeguard them; rather, it pushed you through the exercise of crafting something new every now and then that merely seemed difficult to crack. The revelation came shortly after NIST’s release of its revised guidelines in June this year, which suggested eliminating much of what Burr had set out in 2003. NIST has rephrased the guidelines, scrapping Bill’s advice of using special characters, and has recommended that you use a string of words that is easier for you to remember, yet hard for algorithms to guess.
What are you waiting for, and do you feel misguided? Let’s see how websites and companies guide you through creating passwords from here on. What will happen if they come out and allow security codes to be formed without following the previously laid guidelines? Will it have grave repercussions, exposing your passwords to easy cracking by hackers? Is Bill to be questioned then? He may not have been wrong in his confession. A shorter password that combines weird characters could be easier to crack than lengthy, easy-to-remember words or expressions. And you were not alone in the trial-and-error tricks you have been using all these years: the suggestion was well regarded and adopted by several organizations, government agencies, educational institutions and corporates across North America.
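The comparison in the paragraph above can be worked through as an added example (not code from the article or from NIST): it estimates the guessing effort for “in@terNet” when it is modelled as a dictionary word plus common mangling, and compares that with a passphrase of randomly chosen words. The dictionary size, the word-list size, the sample word set and the substitution table are all assumptions made for illustration.

```python
import math
import string

# Constructed assumptions for illustration, not figures from the article.
COMMON_WORDS = {"internet", "password", "welcome", "dragon"}  # tiny sample set
DICTIONARY_SIZE = 100_000   # assumed size of a real common-word dictionary
WORDLIST_SIZE = 7_776       # assumed diceware-style list for passphrases
LEET = {"@": "a", "4": "a", "3": "e", "1": "i", "!": "i",
        "0": "o", "$": "s", "5": "s", "7": "t", "+": "t"}

def demangle(password):
    """Return candidate base words: undo case, leet swaps, one inserted symbol."""
    lowered = password.lower()
    candidates = {"".join(LEET.get(c, c) for c in lowered)}
    for i, c in enumerate(lowered):
        if not c.isalnum():  # treat this symbol as an insertion and drop it
            rest = lowered[:i] + lowered[i + 1:]
            candidates.add("".join(LEET.get(ch, ch) for ch in rest))
    return candidates

def brute_force_bits(password):
    """Naive estimate: every character drawn from all 95 printable ASCII."""
    return len(password) * math.log2(95)

def mangled_word_bits(word):
    """Upper bound on guesses for a dictionary word plus the mangling above."""
    case = 2 ** len(word)                       # any letter may be upper case
    subs = math.prod(1 + sum(1 for v in LEET.values() if v == c) for c in word)
    insert = 1 + (len(word) + 1) * len(string.punctuation)  # 0 or 1 symbol
    return math.log2(DICTIONARY_SIZE * case * subs * insert)

def estimate_bits(password):
    """Use the dictionary model when the password reduces to a common word."""
    hits = demangle(password) & COMMON_WORDS
    if hits:
        return min(mangled_word_bits(w) for w in hits)
    return brute_force_bits(password)

def passphrase_bits(n_words):
    """Bits for n words picked uniformly at random from the word list."""
    return n_words * math.log2(WORDLIST_SIZE)

if __name__ == "__main__":
    print(f"in@terNet, naive:      {brute_force_bits('in@terNet'):.1f} bits")
    print(f"in@terNet, dictionary: {estimate_bits('in@terNet'):.1f} bits")
    print(f"4 random words:        {passphrase_bits(4):.1f} bits")
```

The passphrase figure holds only when the words are chosen at random; a familiar phrase or quotation does not get this benefit.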
If you think you can forgive Bill, then it’s time you equip yourself with frequent password changing mechanisms, instead of contriving obscure and challenging security PINs.
Article by Rochita.