The Man Who Wrote Those Password Rules Has a New Tip: N3v$r M1^d!


#1

Sadly, I don’t have an account at wsj.com, but this article starts off worth reading:

The man who wrote the book on password management has a confession to make: He blew it.

Back in 2003, as a midlevel manager at the National Institute of Standards and Technology, Bill Burr was the author of “NIST Special Publication 800-63. Appendix A.” The 8-page primer advised people to protect their accounts by inventing awkward new words rife with obscure characters, capital letters and numbers—and to change them regularly. (fade to white)


#2

The new advice hotness is to create a low-key funk band and sing your PIN to everyone.


#3

Well who takes password advice from a stand up comic?

But seriously, this sucks!


#4

F0zz13-W4ck4W4ck4++4Lyf3


#5

You can read the WSJ article if you search for the title of the article in Google and click on the wsj link from Google – that works for most news paywalls because Google downgrades links that aren’t available in full text from Google.

Anyway, the key point is the following:

The NIST rules were supposed to give us randomness. Instead they spawned a generation of widely used and goofy looking passwords such as Pa$$w0rd or Monkey1! “It’s not really random if you and 10,000 other people are doing it.”

It isn’t that complicated long passwords with weird characters are bad – obviously they are better than a short dictionary word – but that there are ways to still have bad passwords that get through the system.
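To make that point concrete, here is an added example (mine, not code from this thread, the WSJ article, or NIST) that contrasts the 2003-style composition rule with the direction NIST later took in 800-63B: drop the character-class rules and instead check candidate passwords against a list of commonly used ones after undoing the predictable tweaks everyone makes. The blocklist, the leet-substitution table and the trailing-symbol pattern are constructed for illustration; a real deployment would use a large breached-password list.

```python
import re

# Constructed, tiny blocklist; a real one is hundreds of millions of entries.
COMMON_PASSWORDS = {
    "password", "monkey", "letmein", "qwerty", "welcome", "iloveyou", "12345678",
}

# Constructed table of the substitutions people actually make ("Pa$$w0rd").
LEET_MAP = str.maketrans({
    "0": "o", "1": "i", "3": "e", "4": "a", "5": "s", "7": "t",
    "$": "s", "@": "a", "!": "i", "|": "l",
})

# Leading digits and a trailing run of digits/symbols ("Monkey1!", "1Password").
EDGE_DECORATION = re.compile(r"^\d+|[\d!?.#*]+$")


def composition_rule_ok(pw: str) -> bool:
    """The old rule: at least 8 chars with upper, lower, digit and symbol."""
    return bool(
        len(pw) >= 8
        and re.search(r"[A-Z]", pw)
        and re.search(r"[a-z]", pw)
        and re.search(r"\d", pw)
        and re.search(r"[^A-Za-z0-9]", pw)
    )


def candidate_forms(pw: str) -> set:
    """Every plausible 'base word' hiding inside a decorated password."""
    low = pw.lower()
    stripped = EDGE_DECORATION.sub("", low)
    return {
        low,
        low.translate(LEET_MAP),
        stripped,
        stripped.translate(LEET_MAP),
    }


def is_blocklisted(pw: str) -> bool:
    """True if the password, or one of its undecorated forms, is a known common password."""
    return any(form in COMMON_PASSWORDS for form in candidate_forms(pw) if form)


def evaluate(pw: str) -> tuple:
    """Return (passes_old_composition_rule, passes_length_plus_blocklist_policy)."""
    old_rule = composition_rule_ok(pw)
    new_rule = len(pw) >= 8 and not is_blocklisted(pw)
    return old_rule, new_rule


if __name__ == "__main__":
    for pw in ["Pa$$w0rd", "Monkey1!", "1Password", "correct horse battery staple"]:
        old, new = evaluate(pw)
        print(f"{pw!r:32} composition rule: {old!s:5}  blocklist policy: {new}")
```

Running it shows the mismatch the article describes: Pa$$w0rd and Monkey1! sail through the character-class rule but are rejected once the substitutions are undone, while a long multi-word passphrase fails the old rule and passes the new one.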

