Everything we know about what makes a strong password is wrong. More precisely, most of the standards we use to judge the strength of a password are wrong, according to Bill Burr, the man responsible for originally publishing them. The insights came in a Monday interview with Burr, a former employee of the National Institute of Standards and Technology (NIST), conducted by the Wall Street Journal. Burr said that many of the password rules he came up with weren't actually that helpful. For example, the requirement to use a letter, a number, an uppercase letter, and a special character isn't useful, and neither is the recommendation to change your password every 90 days.
The 3 big takeaways – How should businesses react:
- Common password rules, like using a special character or changing them every 90 days, are not helpful, the creator of these standards told the Wall Street Journal this week.
- Users should build passwords with four random words strung together, instead of a single word with random numbers and characters.
- Businesses should use the new NIST standards to inform their corporate password policies and educate their employees.
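To make the second and third takeaways concrete, here is an added Python example (not from the article or from NIST) that estimates the guessing entropy of the two constructions, generates a four-random-word passphrase with a cryptographic RNG, and checks a password against a length-plus-blocklist policy with no composition or expiry rules. The dictionary sizes and the short word list are assumptions chosen for illustration; a real deployment would use a large published word list.

```python
import math
import secrets

# Constructed, deliberately tiny word list for the demo. Assumption: a real
# generator would draw from a large list (e.g. a 7,776-word diceware-style list).
WORDS = ["correct", "horse", "battery", "staple", "orbit", "lantern",
         "pebble", "canyon", "velvet", "maple", "tundra", "quartz"]
LARGE_WORDLIST_SIZE = 7776   # assumed size of the production word list
COMMON_DICTIONARY_SIZE = 50000  # assumed size of an attacker's word dictionary


def entropy_bits(choice_counts) -> float:
    """Entropy in bits of a secret built from independent uniform picks,
    one pick per entry in `choice_counts` (each entry = number of options)."""
    return sum(math.log2(n) for n in choice_counts)


def compare_schemes() -> dict:
    """Old advice vs. new advice, under the stated assumptions.

    word_plus_digits_symbol: one dictionary word, two digits, one of ~10
        commonly used symbols (the "P@ssw0rd1"-style construction).
    four_random_words: four words picked uniformly from the large list.
    """
    return {
        "word_plus_digits_symbol": entropy_bits([COMMON_DICTIONARY_SIZE, 100, 10]),
        "four_random_words": entropy_bits([LARGE_WORDLIST_SIZE] * 4),
    }


def generate_passphrase(words=WORDS, count: int = 4, sep: str = "-") -> str:
    """Four words chosen with `secrets`, which is backed by the OS CSPRNG."""
    return sep.join(secrets.choice(words) for _ in range(count))


def policy_ok(password: str, min_len: int = 8, blocklist=frozenset()) -> bool:
    """Length plus a blocklist of common/breached passwords; no mandatory
    character classes and no rotation interval, in the spirit of the revised
    guidance. `blocklist` is whatever list the deployment maintains."""
    return len(password) >= min_len and password.lower() not in blocklist


if __name__ == "__main__":
    for scheme, bits in compare_schemes().items():
        print(f"{scheme}: {bits:.1f} bits")
    print("sample passphrase:", generate_passphrase())
```

Under these assumptions the four-word passphrase carries roughly twice the entropy of the decorated single word, which is the point the takeaways make.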