We have been doing passwords all wrong

password strength by XKCD

Bill Burr, who originated the most commonly known password guidelines, worked for the National Institute of Standards and Technology. Back in 2003 he wrote the NIST 800-63 Appendix A paper that provided the password guidance we have been using ever since. Burr suggested that our passwords use Capital letters, $pecial characters and Numbers, and that we change them often.

It turns out this guidance is wrong, judged by the amount of time it would take to crack your password, and Mr. Burr openly admits it. The new password guidance is a bit easier to remember and would take quite a bit more time to crack than the outdated approach. This graphic from XKCD sums it up rather well, don’t you think?
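As an added worked example (not part of the original post), here is the comic's entropy arithmetic in Python, alongside a generator for the kind of passphrase it recommends. The per-trick bit values are the ones the comic shows; the guess rate of 1000/s is the comic's assumption, and the short word list is constructed for illustration only.

```python
import math
import secrets

# Approximate entropy model from the XKCD "password strength" comic: each
# "complexity" trick adds only a few bits, because cracking rule sets already
# try these substitutions and suffixes automatically.
XKCD_TRICK_BITS = {
    "uncommon_base_word": 16,   # one word from roughly 65,000 candidates
    "capitalisation": 1,        # first letter upper or lower case
    "common_substitutions": 3,  # 0->o, 4->a and the like
    "numeral": 3,               # which digit was appended
    "punctuation": 4,           # which symbol was appended
    "order_of_suffixes": 1,     # digit then symbol, or the reverse
}

def trick_password_bits(tricks=XKCD_TRICK_BITS) -> int:
    """Entropy of a 'Tr0ub4dor&3'-style password under the comic's model."""
    return sum(tricks.values())

def passphrase_bits(word_count: int, wordlist_size: int) -> float:
    """Entropy of word_count words chosen uniformly from a wordlist."""
    return word_count * math.log2(wordlist_size)

def crack_time_seconds(bits: float, guesses_per_second: float) -> float:
    """Time to exhaust the whole keyspace at the given guess rate."""
    return (2 ** bits) / guesses_per_second

# Constructed toy word list. A real passphrase needs a list of thousands of
# words (the comic assumes 2048, i.e. 11 bits per word) to reach 44 bits.
SAMPLE_WORDS = ["correct", "horse", "battery", "staple", "orbit", "lantern",
                "velvet", "granite", "meadow", "copper", "cider", "falcon"]

def generate_passphrase(word_count: int = 4, words=SAMPLE_WORDS) -> str:
    """Pick words with the secrets module, never random.choice, for security."""
    return " ".join(secrets.choice(words) for _ in range(word_count))

if __name__ == "__main__":
    rate = 1000  # guesses per second, as in the comic
    days = crack_time_seconds(trick_password_bits(), rate) / 86400
    years = crack_time_seconds(passphrase_bits(4, 2048), rate) / (86400 * 365)
    print(f"Tr0ub4dor&3 style: {trick_password_bits()} bits, ~{days:.1f} days")
    print(f"Four-word passphrase: {passphrase_bits(4, 2048):.0f} bits, ~{years:.0f} years")
    print("Example passphrase:", generate_passphrase())
```

At 1000 guesses per second the 28-bit password falls in about three days while the 44-bit passphrase takes centuries; against an offline attack on a leaked hash the rate is far higher, so the bits matter more than the guess rate chosen here.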

The only issue I see is that most websites and password-protected logins are still hardwired to the old standard and may not allow the new-style passwords. Thoughts?
