Get All Access for $5/mo

You Might Not Need Complex, Alphanumeric Passwords After All NIST now recommends using long passphrases instead of complicated alphanumeric passwords, and only refreshing them if they've been breached.

By Angela Moscaritolo

This story originally appeared on PCMag

Shutterstock

Everyone knows that creating complex, alphanumeric passwords, let alone remembering them, is pretty much the worst. Our lackluster password skills have spawned an entire password manager business.

Now it seems our troubles were perhaps for naught, and the dude who created the rules about complex passwords would like to apologize.

That man is Bill Burr, who is now 72 and retired. Almost 15 years ago, while working at the National Institute of Standards and Technology (NIST), he wrote what would basically become the bible of password management: NIST Special Publication 800-63. Appendix A. You may have never heard of it, but you're surely familiar with its mandates: passwords must be at least a certain length and include a number, upper and lowercase letters and special characters like an exclamation point or question mark, and must be changed every 90 days.

Now, Burr says that advice was a mistake. "Much of what I did I now regret," Burr tells The Wall Street Journal.

When Burr was writing the publication, he didn't have much data to go by and was being pressured to come up with guidance quickly, according to the Journal. For research purposes, he asked the computer admins at NIST for a peek at the passwords on their network, and they scoffed at the idea. So, to get the job done, he "leaned heavily on a white paper written in the mid-1980s," the Journal reports.

"In the end, it was probably too complicated for a lot of folks to understand very well," Burr says. "It just drives people bananas and they don't pick good passwords no matter what you do."

Fortunately, NIST Special Publication 800-63 recently received a much-needed rewrite. Gone are the rules about changing your password every 90 days and using special characters. NIST now recommends using long passphrases instead of complicated alphanumeric passwords, and only refreshing them if they've been breached.

Angela Moscaritolo has been a PCMag reporter since January 2012. 

Want to be an Entrepreneur Leadership Network contributor? Apply now to join.

Editor's Pick

Most Popular

See all
Thought Leaders

Creativity Isn't Just Something You're Born With — It's a Skill You Can Develop. Here's How.

Creativity is a vital skill for personal and business success, yet many people struggle to nurture it — or they believe they can't. Here are some practical steps and principles to align your mindset and emotions to enhance your creative potential.

By Jonathan Brierre
Business News

Is One Company to Blame for Soaring Rental Prices in the U.S.?

The FBI recently raided a major corporate landlord while investigating a rent price-fixing scheme. Here's what we know.

By Sherin Shibu
Business News

The Most Downloaded News App in the U.S. May Have Published Dozens of Fake, AI-Written Stories

The stories were fake but had real-world consequences for the app's 50 million monthly users.

By Sherin Shibu
Business News

She Tracked Her Missing Luggage With an Apple Device — Straight to an Airport Employee's Home

Paola Garcia flew into Terminal 4 at Fort Lauderdale-Hollywood International Airport last month when she noticed her luggage never made it to the carousel — then her Apple Watch started pinging.

By Emily Rella
Side Hustle

This Former Starbucks Employee Started a Side Hustle That's Making More Than $70,000 a Month — and He's Not Done Yet

When Tom Saar moved to New York City, he spotted a lucrative business opportunity.

By Amanda Breen
Leadership

How to Break Free From the Cycle of Overthinking and Master Your Mind

Discover the true cost of negative thought loops — and practical strategies for nipping rumination in the bud.

By Aytekin Tank