This week’s news regarding password protection changed everything we thought we knew about securing our passwords.
Since the early 2000’s, industry standard for generating a secure password comprised of:
- Minimum 8 characters, both lower and upper case
- Must include symbols
- Must include numbers
- Must include some ambiguous symbol (?!*&)
- And we must change passwords every 90 days.
We now know this is total BS.
The problem lies in that…. If you and 10,000 other people are using the same “random” ideas, it’s not really random.
The guys responsible for designing safe passwords, the National Institute of Standards and Technology, recently changed their password guidelines. Their previous advice basically just spawned a generation of widely used and goofy looking passwords like “Pa$$w0rd”. And they no longer suggest to frequently change your password, mainly because in most cases only slight alterations are made. Most people would just change “Pa$$w0rd” to” Pa$$w0rd2”.
So what now?
Longer phrases are better than complex characters
Academics who have studied passwords believe using four words in a sequence are much harder for hackers to crack than shorter medley of strange characters. For instance, it would take 550 years to crack the password phrase “correct horse battery staple,” all written as one word, while Tr0ub4dor&3 could be cracked in as little as three days.
More Characters, More Security
Long, easy-to-remember phrases are safer that crazy characters, and users should be forced to change passwords only if there is a sign it has been stolen, says NIST. When a site tells you that it requires lower case letters, upper case letters, numbers and symbols the Bot also knows this and so it can rule our billions of passwords that do not have at least these options. So, what do you do?
- Develop a password you and only you will remember. Be unique.
- Don’t reuse passwords for multiple sites.
- Make sure the password is long. 8 characters is not enough nowadays.