LINE

Text:AAAPrint
Sci-tech

Man who wrote password rules admits wrong

1
2017-08-11 10:03:46CGTN Mo Hong'e ECNS App Download

"A capital letter, a special character, a number, and different from your old combination." These are often the requirements you have to face when creating or resetting a password online.

Following the above rules, you may come up with something similar to "ilOve5oTters#"" or "12ThrEe$lol", which is supposed to be safe but hard to remember.

However, you now need to forget everything you know about passwords, says the man who made the "Bible of Passwords".

Bill Burr, retired former manager at the National Institute of Standards and Technology (NIST), was tasked to set rules for effective passwords in 2003, and added a recommendation that these combinations should be updated every 90 days. The document composed by Burr then became prevalent among the government, businesses and other institutions.

But now, the 72-year-old password godfather admits he was wrong. "Much of what I did I now regret," he told The Wall Street Journal.

In fact, an odd-looking combination is more dangerous than a simple English word, said NBC News. A difficult password will force you to write it down, which is obviously less secure than something you can memorize.

Also, adding numbers and symbols won't make passwords any stronger in terms of defending cyber attacks, The Telegraph reported.

Fortunately, the NIST is working on new security recommendations.

When forced to update passwords every 90 days, people tend to just take out one character, which makes the combination incredibly insecure. The revised recommendation of NIST is that IT departments should only force a password change when a security breach has occurred. Otherwise the changes we make are often incremental.

Another suggestion is using long phrases instead of short ones with unique characters. It turns out that adding password restrictions, such as upper case letters and numbers, actually makes the password easier for hackers to crack.

Therefore, something like "iloveotters" is safer than a messy code like "Tr0ub4dor&3", which could be cracked in just three days, according to viral webcomic by xkcd.

  

Related news

MorePhoto

Most popular in 24h

MoreTop news

MoreVideo

News
Politics
Business
Society
Culture
Military
Sci-tech
Entertainment
Sports
Odd
Features
Biz
Economy
Travel
Travel News
Travel Types
Events
Food
Hotel
Bar & Club
Architecture
Gallery
Photo
CNS Photo
Video
Video
Learning Chinese
Learn About China
Social Chinese
Business Chinese
Buzz Words
Bilingual
Resources
ECNS Wire
Special Coverage
Infographics
Voices
LINE
Back to top Links | About Us | Jobs | Contact Us | Privacy Policy
Copyright ©1999-2018 Chinanews.com. All rights reserved.
Reproduction in whole or in part without permission is prohibited.