March 24, 2018

Man who created modern password management rules says he was largely mistaken

09 August 2017, 11:23 | Benedicto Grullon

Man who wrote password 'bible' admits: 'My advice was completely wrong'


Burr, now retired at 72, was reportedly a manager at the National Institute of Standards and Technology (NIST) in 2003 when he wrote NIST Special Publication 800-63.

In June, NIST released new guidelines that no longer call for "special characters" or for changing passwords frequently.

Burr wrote the unofficial rules regarding how to choose a strong password, including using a mix of letters, numbers and symbols and changing passwords every 90 days.

Burr told the Journal that most people make the same predictable changes, such as switching a 1 to a 2, which makes the new password easy for attackers to guess.

If the man who invented those pesky password rules himself says he might have made a mistake, then you should think twice about all the password management habits you've gotten used to following. NIST now recommends long passphrases instead of complicated alphanumeric passwords, and refreshing them only if they have been breached. Burr's original guidance advised people to combine capital and lowercase letters with numbers and symbols to make passwords harder to crack.

"I'm sure that in your experience you've found that changing them often is a real problem", says David Gerhard, a professor of computer science at the University of Regina.

Long, easy-to-remember phrases now get the nod over strings of unusual characters, and users should be forced to change passwords only if there is a sign they may have been stolen, says NIST, the federal agency that helps set industrial standards in the U.S. Ironically, Burr's password security guidance actually ended up making passwords less secure. They're easier to remember, and if he forgets, he can look them up.

Everyone knows that creating complex, alphanumeric passwords, let alone remembering them, is pretty much the worst.

Burr also criticised his own advice urging people to change passwords regularly, since most people instinctively alter just one character, which again offers no protection against a brute-force attack.

As explained in the XKCD comic below, a password like "Tr0ub4dor&3", which adheres to Burr's original guidelines, would take just three days to crack and is hard to remember. By contrast, experts have suggested that, with current technology, something as simple as "correct horse battery staple", written together as a single word, could take up to 550 years to crack. People often change just one character of their password if the platform allows it, completely defeating the objective of the requirement in the first place.
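As an added illustration (not code from the article or from NIST), the Python below reproduces the XKCD-style arithmetic behind the figures quoted above and contrasts the old composition-rule check with the length-plus-breach-list check NIST now favours. The 1,000-guesses-per-second rate, the 28-bit estimate for "Tr0ub4dor&3" and the 2,048-word list are the comic's assumptions; the breached-password set is constructed for the example.

```python
import math

# Constructed stand-in for a compromised-credential list (real deployments use a breach feed).
BREACHED = {"password", "letmein", "qwerty123", "Tr0ub4dor&3"}

def guess_bits(choices_per_symbol, num_symbols):
    """Entropy in bits of a secret built from independent, uniformly chosen symbols."""
    return num_symbols * math.log2(choices_per_symbol)

def crack_seconds(bits, guesses_per_second=1000.0):
    """Worst-case time to exhaust a 2**bits search space at the given guess rate."""
    return 2.0 ** bits / guesses_per_second

def old_policy_ok(pw):
    """Burr-era composition rules: at least 8 chars drawn from all four character classes."""
    has = [any(c.islower() for c in pw), any(c.isupper() for c in pw),
           any(c.isdigit() for c in pw), any(not c.isalnum() for c in pw)]
    return len(pw) >= 8 and all(has)

def new_policy_ok(pw, breached=BREACHED):
    """2017 NIST style: length only, no forced classes, reject values known to be breached."""
    return 8 <= len(pw) <= 64 and pw not in breached

def is_trivial_variant(old, new):
    """Flags the 'bump one character' rotation Burr describes (same length, at most one change)."""
    return len(old) == len(new) and sum(a != b for a, b in zip(old, new)) <= 1

def rotation_required(days_since_change, compromised, old_rules):
    """Old rules forced a 90-day rotation; the new guidance rotates only on evidence of breach."""
    return days_since_change >= 90 if old_rules else compromised

if __name__ == "__main__":
    # Four words from a 2,048-word list: 4 * 11 = 44 bits, the comic's passphrase estimate.
    word_bits = guess_bits(2048, 4)
    print(f"Tr0ub4dor&3 (28 bits): {crack_seconds(28) / 86400:.1f} days")          # 3.1 days
    print(f"passphrase ({word_bits:.0f} bits): "
          f"{crack_seconds(word_bits) / (86400 * 365.25):.0f} years")              # 557 years
    print(old_policy_ok("Tr0ub4dor&3"), new_policy_ok("Tr0ub4dor&3"))             # True False
    print(old_policy_ok("correcthorsebatterystaple"),
          new_policy_ok("correcthorsebatterystaple"))                               # False True
    print(is_trivial_variant("Summer2017!", "Summer2018!"))                         # True
```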
