How to Overcome Bill Burr’s Faulty 2003 Password Advice

The year was 2003 when former National Institute of Standards and Technology manager Bill Burr laid down the law on how people should create masterful passwords that would stand the test of time and be unbreakable for nefarious elements of the Internet. His password advice for the masses was twofold and massively flawed.

Step 1: Use irregular capitalization, special characters, and at least one number to turn common phrases into harder-to-solve ones. An unfortunate example from 16 years ago was “[email protected]!”, which is a play on password123, one of the most commonly recognized terrible choices for a password in the entire world.

Step 2: Change your passwords regularly, at least once every 90 days. Burr’s advice was written up in a very official-sounding report called “NIST Special Publication 800-3. Appendix A” and adopted around the world by companies, colleges, governments, and individuals.

Burr’s Two Oversights

Burr’s first mistake was encouraging people to use known words with different permutations of replacement characters and irregular capitalization rules. Not only is it a bad idea to use variations of known words, but it results in lots of people using the exact same techniques, which hands attackers predictable patterns: once they know the rules people follow, they can guess many passwords built on the same criteria.

The second mistake was the worse of the two. When a person picks a password for the first time, they usually give it their best effort. When 90 days have passed and it’s time for another password, the employee is likely to be busy doing lots of other things and is not nearly as interested in dedicating a lot of time and effort to picking another equally strong password. In fact, they are far more likely to just slightly alter their current password to make it easier to remember. For instance, if a junior employee, Lily, originally picks the password “IloveMonkeyz00” when she signs on with a new company, her most likely replacement 90 days later is “IloveMonkeyz01”.
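Both oversights above show up as patterns a policy check can catch at password-change time: a mangled dictionary word (Step 1) and a new password that is the old one with a counter bumped (the rotation problem). The following is an added example written for this post, not anything from the original article or any vendor; the tiny wordlist and leet map are constructed stand-ins for a real breached-password list.

```python
import re

# Constructed stand-in for a breached-password or dictionary list (assumption).
COMMON_WORDS = {"password", "monkey", "welcome", "letmein", "qwerty"}

# Common "Burr-style" substitutions, folded back to the letter they replace.
LEET = str.maketrans({"@": "a", "0": "o", "1": "i", "3": "e", "4": "a",
                      "5": "s", "$": "s", "7": "t"})


def normalize(pw: str) -> str:
    """Undo the mangling: drop leading/trailing digits and symbols, lowercase,
    fold leet characters, then keep only letters."""
    core = re.sub(r"^[^A-Za-z]+|[^A-Za-z]+$", "", pw)
    return re.sub(r"[^a-z]", "", core.lower().translate(LEET))


def is_mangled_common_word(pw: str, wordlist=COMMON_WORDS) -> bool:
    """True when the password is a known word dressed up with substitutions."""
    core = normalize(pw)
    return any(w in core for w in wordlist if len(w) >= 5)


def is_trivial_rotation(old: str, new: str) -> bool:
    """True when the new password is the old one with a counter or tail changed."""
    if normalize(old) == normalize(new):          # same stem, different decoration
        return True
    stem = lambda s: re.sub(r"[^A-Za-z]+$", "", s)  # strip trailing "00", "01", "!"
    if stem(old) and stem(old) == stem(new):
        return True
    # Same length and at most two characters differ (e.g. a bumped counter).
    return len(old) == len(new) and sum(a != b for a, b in zip(old, new)) <= 2


def evaluate_password(new: str, old: str = "", wordlist=COMMON_WORDS) -> list:
    """Return the policy reasons a new password should be rejected (empty = OK)."""
    reasons = []
    if is_mangled_common_word(new, wordlist):
        reasons.append("built on a common word")
    if old and is_trivial_rotation(old, new):
        reasons.append("trivial rotation of previous password")
    return reasons


if __name__ == "__main__":
    # Lily's 90-day change from the article, plus a passphrase that passes.
    print(evaluate_password("IloveMonkeyz01", old="IloveMonkeyz00"))
    print(evaluate_password("P@ssw0rd!"))
    print(evaluate_password("quiet-harbor-velvet-lamp-42", old="IloveMonkeyz00"))
```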

The Better Solution

Instead of trying to remember a series of complicated passwords for all of your online accounts, the best solution is to employ a password manager like Dashlane. Password managers take the memorization frustration out of your individual user accounts by loading all of those complicated passwords into one third-party vault that you control with one master password. The master password is formulated much like you want your individual passwords formulated: you take a series of words, characters, and numbers that are unique to you and would be very difficult for anyone else to guess. This is the only password you will have to remember for as long as you use the password manager. Whenever you want to sign on to one of your other accounts, you’ll only need to remember the master password, which will in turn cue the vault to enter the correct user name and password for the individual site and open up your access.
