Monday, November 18, 2019
Scrap everything you know about strong passwords and do this instead
You know the drill: make a password with a hodgepodge of special characters, numbers, and letters, then change it periodically, or just ignore change alerts until a hacking scandal suddenly arises.

You may want to rethink your strategy.

Bill Burr, the man behind how we commonly think of devising passwords, recently told The Wall Street Journal, "much of what I did I now regret."

The password creation shakeup

The retired 72-year-old was reportedly a manager at The National Institute of Standards and Technology (NIST) back in 2003 when he wrote "NIST Special Publication 800-63. Appendix A," featuring the password guides we've held true for years now.

According to The Wall Street Journal, this included, namely, the rule that passwords should be a combination of numbers, special characters, and uppercase letters, which you change every 90 days.

Why is Burr changing his tune years later?

He reportedly had to produce the rules quickly and wanted them to be based on research, but he had no "empirical data on computer-password security." So he turned to a white paper from the 1980s.

Burr told The Wall Street Journal that his advice has led people astray because those rules were probably too challenging for many to understand and caused people to use passwords that were not too difficult to crack.

In June, the NIST released new guidelines, which don't call for "special characters" or changing passwords frequently anymore. Instead, the NIST says the rules now preach "long, easy-to-remember phrases" and just coming up with new ones "if there is a sign they may have been stolen."

An xkcd comic by Randall Munroe from August 2011 shows that figuring out the password "Tr0ub4dor3" would take three days to solve, according to the cartoonist's calculations, compared to the words "correct horse battery staple" typed as a single word, which would take a staggering 550 years to solve. Computer-security specialists found this to be true.

Be careful changing passwords

You may also want to rethink how often you update your password. This practice can place us at risk if we take the wrong approach.

When we repeatedly change passwords, we don't always change them properly.

Professor Alan Woodward of the University of Surrey told BBC News that NIST publications have a far reach, giving the rules "a long lasting impact." But he also mentioned "a rather unfortunate effect":

"For example, the more often you ask someone to change their password, the weaker the passwords they typically choose. . . . And, as we have all now so many online accounts, the situation is compounded so it encourages behaviours such as password reuse across systems."

Steer clear of these password options

So if you're looking to change your password soon, don't pick these.

SplashData, which supplies password management applications, released the 2015 version of its "Worst Passwords List." Here are the top 10 worst ones featured:

1. 123456
2. password
3. 12345678
4. qwerty
5. 12345
6. 123456789
7. football
8. 1234
9. 1234567
10. baseball

Morgan Slain, CEO of SplashData, commented on the findings in a statement.

"We have seen an effort by many people to be more secure by adding characters to passwords, but if these longer passwords are based on simple patterns they will put you in just as much risk of having your identity stolen by hackers... As we see on the list, using common sports and pop culture terms is also a bad idea. We hope that with more publicity about how risky it is to use weak passwords, more people will take steps to strengthen their passwords and, most importantly, use different passwords for different websites."

Embracing the new way of thinking when it comes to passwords just might keep your online accounts out of harm's way.
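
The contrast the article draws between the 2003 composition rule and the newer guidance can be seen by running both over the same passwords. The Python below is an added example, not part of the original article: it uses the ten SplashData entries listed above as its blocklist, and the 8-character minimum (taken from NIST SP 800-63B), the substitution table, the pattern rows and the sample passwords are assumptions of this example.

```python
import re

# The ten entries the article quotes from SplashData's 2015 list.
WORST_PASSWORDS = {"123456", "password", "12345678", "qwerty", "12345",
                   "123456789", "football", "1234", "1234567", "baseball"}
MIN_LENGTH = 8  # assumption: minimum from NIST SP 800-63B, not stated in the article
_LEET = str.maketrans("034@$5", "oeaass")  # assumption: common look-alike swaps
_ROWS = ("1234567890", "qwertyuiop", "abcdefghijklmnopqrstuvwxyz")


def legacy_rule_ok(pw: str) -> bool:
    """2003-style rule: needs a number, a special character and an uppercase letter."""
    return (len(pw) >= MIN_LENGTH
            and re.search(r"\d", pw) is not None
            and re.search(r"[A-Z]", pw) is not None
            and re.search(r"[^A-Za-z0-9]", pw) is not None)


def blocklist_hit(pw: str) -> bool:
    """True if pw is a listed password, or one with swaps and a suffix bolted on."""
    lowered = pw.lower()
    if lowered in WORST_PASSWORDS:
        return True
    # Drop trailing digits/symbols ("2019!"), then undo look-alike substitutions.
    core = re.sub(r"[^a-z]+$", "", lowered).translate(_LEET)
    return core in WORST_PASSWORDS


def simple_pattern(pw: str) -> bool:
    """True for one repeated character or a run along a counting/keyboard row."""
    lowered = pw.lower()
    return len(set(lowered)) == 1 or any(lowered in row * 3 for row in _ROWS)


def current_guidance_problems(pw: str) -> list:
    """Length plus blocklist and pattern checks; no composition rule, no expiry."""
    problems = []
    if len(pw) < MIN_LENGTH:
        problems.append("shorter than %d characters" % MIN_LENGTH)
    if blocklist_hit(pw):
        problems.append("on or derived from the worst-passwords list")
    if simple_pattern(pw):
        problems.append("counting or keyboard pattern")
    return problems


if __name__ == "__main__":
    # Constructed sample passwords, not taken from any real data set.
    for pw in ("P@ssw0rd1!", "Football2019!", "1234567890", "correcthorsebatterystaple"):
        print(pw, "| legacy rule ok:", legacy_rule_ok(pw),
              "| current problems:", current_guidance_problems(pw))
```

The first two samples satisfy the old composition rule while being decorated entries from the list; the long phrase fails the old rule and raises no problem under the newer checks.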