Complex Passwords Are Probably Useless

For some time, the security industry and many technology users have wondered about the usefulness of complex passwords. Passwords provide the most basic security for protecting access to systems. It’s often recommended that passwords be combined with other authentication mechanisms, but that’s a different blog post. Since simplistic passwords like names, birth dates, places, etc. are easily guessed by automated software, the recommendation for years has been to use complex passwords. I’m sure you have come across instructions like this when creating passwords for a new website or system:

should contain numbers, letters, and special characters

The problem is that no one remembers those passwords, especially in a world where we still need passwords for nearly every system and website. Users often get around complex password requirements by:

  1. Writing them down.
  2. Using the same password on multiple systems or websites.
  3. Utilizing password management software that stores the passwords… supposedly through very secure means.
  4. Repeating the same patterns or sequence of numbers, letters, and special characters for

None of those are secure and convenient.

Apparently, the gentleman who invented complex passwords at the National Institute of Science and Technology (NIST) has become very sorry for all the pain you’ve been caused. Of course, we know he meant well and greatly appreciate his efforts, but the Pain!

The latest NIST password guidelines recommend that users create passwords consisting of long passphrases. Yes, passphrases, not like your company’s IT policy tells you. Such passwords are more easily remembered and will require much more computing time and resources from password cracking software. Gizmodo’s fun article describes an approach for creating passphrase passwords.
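To put numbers on the "much more computing time" claim, here is an added example (not code from NIST or the Gizmodo article) that generates a random passphrase and compares its search space with an 8-character complex password. The sample wordlist is constructed, and the 7776-word list size and the guess rate of 10 billion per second are assumptions.

```python
import math
import secrets

# Constructed sample list for illustration only. A real generator would load a
# large published list; diceware-style lists have 7776 words (assumption here).
SAMPLE_WORDS = ["anchor", "bucket", "candle", "dragon", "ember", "falcon",
                "garden", "harbor", "island", "jacket", "kettle", "lantern",
                "marble", "nickel", "orchid", "pepper"]

def entropy_bits(choices: int, length: int) -> float:
    """Entropy when each of `length` positions is picked uniformly and
    independently from `choices` options. Human-chosen patterns score lower."""
    return length * math.log2(choices)

def generate_passphrase(words, count=5, sep=" "):
    """Pick words with the OS CSPRNG; a phrase the user invents is not random."""
    if len(set(words)) != len(words):
        raise ValueError("duplicate words would overstate the entropy")
    return sep.join(secrets.choice(words) for _ in range(count))

def years_to_crack(bits: float, guesses_per_second: float) -> float:
    """Expected offline search time: half the space at a fixed guess rate."""
    seconds = (2 ** bits) / 2 / guesses_per_second
    return seconds / (365.25 * 24 * 3600)

def compare(rate: float = 1e10):
    """Return (label, bits, years) rows; `rate` is an assumed attacker speed."""
    cases = [
        ("8 random chars from 94 printable ASCII", entropy_bits(94, 8)),
        ("5 random words from a 7776-word list", entropy_bits(7776, 5)),
        ("6 random words from a 7776-word list", entropy_bits(7776, 6)),
    ]
    return [(label, bits, years_to_crack(bits, rate)) for label, bits in cases]

if __name__ == "__main__":
    for label, bits, years in compare():
        print(f"{label:42s} {bits:5.1f} bits  ~{years:,.2f} years")
    # The 16-word sample list gives only 4 bits per word; it shows the API only.
    print("sample:", generate_passphrase(SAMPLE_WORDS))
```

The figure for the 8-character password is an upper bound that holds only if every character is chosen at random; the repeated patterns described in the list above shrink it considerably.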
