My Queue

There are no Videos in your queue.

Click on the Add to next to any video to save to your queue.

See Latest Videos

There are no Articles in your queue.

Click on the Add to next to any article to save to your queue.

See Latest Articles

There are no Podcasts in your queue.

Click on the Add to next to any podcast episode to save to your queue.

See Latest Podcasts

You're not following any authors.

Click the Follow button on any author page to keep up with the latest content from your favorite authors.

Passwords

You Might Not Need Complex, Alphanumeric Passwords After All

NIST now recommends using long passphrases instead of complicated alphanumeric passwords, and only refreshing them if they've been breached.
Next Article
  • --shares
Add to Queue
You Might Not Need Complex, Alphanumeric Passwords After All
Image credit: Shutterstock
Reporter
2 min read
This story originally appeared on PCMag

Everyone knows that creating complex, alphanumeric passwords, let alone remembering them, is pretty much the worst. Our lackluster password skills have spawned an entire password manager business.

Now it seems our troubles were perhaps for naught, and the dude who created the rules about complex passwords would like to apologize.

That man is Bill Burr, who is now 72 and retired. Almost 15 years ago, while working at the National Institute of Standards and Technology (NIST), he wrote what would basically become the bible of password management: NIST Special Publication 800-63. Appendix A. You may have never heard of it, but you're surely familiar with its mandates: passwords must be at least a certain length and include a number, upper and lowercase letters and special characters like an exclamation point or question mark, and must be changed every 90 days.

Now, Burr says that advice was a mistake. "Much of what I did I now regret," Burr tells The Wall Street Journal.

When Burr was writing the publication, he didn't have much data to go by and was being pressured to come up with guidance quickly, according to the Journal. For research purposes, he asked the computer admins at NIST for a peek at the passwords on their network, and they scoffed at the idea. So, to get the job done, he "leaned heavily on a white paper written in the mid-1980s," the Journal reports.

"In the end, it was probably too complicated for a lot of folks to understand very well," Burr says. "It just drives people bananas and they don't pick good passwords no matter what you do."

Fortunately, NIST Special Publication 800-63 recently received a much-needed rewrite. Gone are the rules about changing your password every 90 days and using special characters. NIST now recommends using long passphrases instead of complicated alphanumeric passwords, and only refreshing them if they've been breached.

More from Entrepreneur

Corene Summers helps clients advancing their health, careers and lives overall through reducing stress, tension and optimizing sleep.
Book Your Session
Jumpstart Your Business. Entrepreneur Insider is your all-access pass to the skills, experts, and network you need to get your business off the ground—or take it to the next level.
Join Now
Create your business plan in half the time with twice the impact using Entrepreneur's BIZ PLANNING PLUS powered by LivePlan. Try risk free for 60 days.
Start My Plan

Related Books

Entrepreneur Voices on Elevator Pitches

Entrepreneur Voices on Elevator Pitches

Buy From
No B.S. Marketing to the Affluent

No B.S. Marketing to the Affluent

Buy From
Ultimate Guide to Amazon Advertising

Ultimate Guide to Amazon Advertising

Buy From
Ultimate Guide to LinkedIn for Business

Ultimate Guide to LinkedIn for Business

Buy From
The Direct Mail Revolution

The Direct Mail Revolution

Buy From
The New Employee Manual

The New Employee Manual

Buy From

Latest on Entrepreneur

Cybersecurity

8 Simple Ways to Minimize Online Risk

Password Security

This App Can Secure Your Whole Team's Passwords

3 Things To Know

Google Moves Away From Passwords and Towards Facial Recognition. 3 Things to Know Today.