"A capital letter, a special character, a number, and different from your old combination." These are often the requirements you have to face when creating or resetting a password online.
Following the above rules, you may come up with something similar to "ilOve5oTters#"" or "12ThrEe$lol", which is supposed to be safe but hard to remember.
However, you now need to forget everything you know about passwords, says the man who made the "Bible of Passwords".
Bill Burr, retired former manager at the National Institute of Standards and Technology (NIST), was tasked to set rules for effective passwords in 2003, and added a recommendation that these combinations should be updated every 90 days. The document composed by Burr then became prevalent among the government, businesses and other institutions.
But now, the 72-year-old password godfather admits he was wrong. "Much of what I did I now regret," he told The Wall Street Journal.
In fact, an odd-looking combination is more dangerous than a simple English word, said NBC News. A difficult password will force you to write it down, which is obviously less secure than something you can memorize.
Also, adding numbers and symbols won't make passwords any stronger in terms of defending cyber attacks, The Telegraph reported.
Fortunately, the NIST is working on new security recommendations.
When forced to update passwords every 90 days, people tend to just take out one character, which makes the combination incredibly insecure. The revised recommendation of NIST is that IT departments should only force a password change when a security breach has occurred. Otherwise the changes we make are often incremental.
Another suggestion is using long phrases instead of short ones with unique characters. It turns out that adding password restrictions, such as upper case letters and numbers, actually makes the password easier for hackers to crack.
Therefore, something like "iloveotters" is safer than a messy code like "Tr0ub4dor&3", which could be cracked in just three days, according to viral webcomic by xkcd.
