
The year was 2003 when former National Institute of Standards and Technology manager Bill Burr laid down the law on how people should create passwords that would stand the test of time and hold up against the nefarious elements of the Internet. His password advice for the masses was twofold and, as it turned out, massively flawed.
Step 1: Use irregular capitalization, special characters, and at least one number to turn common phrases into harder-to-guess ones. An unfortunate example from 16 years ago was “P@ssW0rd123!”, a play on password123, one of the most widely recognized terrible password choices in the entire world.
Step 2: Change your passwords regularly, at least once every 90 days.
Burr’s advice was written up in a very official-sounding report, “NIST Special Publication 800-63, Appendix A”, and adopted around the world by companies, colleges, governments, and individuals.
Burr’s Two Oversights
Burr’s first mistake was encouraging people to take known words and dress them up with replacement characters and irregular capitalization. Not only is a variation of a known word still a known word, but when everyone follows the same recipe the results are predictable: capitalize the first letter, swap a for @ and o for 0, tack a number or a year on the end. Password-cracking tools ship with exactly these substitution rules, so an attacker who starts from a dictionary and applies them recovers such passwords almost as quickly as the plain word itself.
The second mistake was the worse of the two. When a person picks a password for the first time, they usually give it their best effort. When 90 days have passed and it is time for another one, the employee is busy with lots of other things and far less interested in dedicating time and effort to picking another equally strong password. In fact, they are far more likely to slightly alter the current password so that it stays easy to remember. For instance, if a junior employee, Lily, picks the password “IloveMonkeyz00” when she joins a new company, her most likely replacement 90 days later is “IloveMonkeyz01”. An attacker who has learned the old password, from a breach or a phishing page, has to try only a handful of such tweaks to land on the new one.
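To make both oversights concrete, here is an added example (written for this post, not code from the article, from Dashlane, or from any real cracking tool) that models what an attacker does once a password hash has leaked and can be guessed offline. The substitution table, the suffix list and the rotation habits are constructed for the illustration and are deliberately small; real rule sets are larger but work the same way. The first half expands one dictionary word into every leet and capitalization variant plus a common suffix, and reports where “P@ssW0rd123!” lands in that list. The second half takes an old password such as “IloveMonkeyz00” and produces the successors a 90-day rotation is likely to yield.

```python
import itertools
import re

# Hypothetical substitution table (constructed for this example): the
# "leet" swaps users reach for when a policy demands symbols and digits.
LEET = {"a": "@4", "e": "3", "i": "1!", "o": "0", "s": "$5", "t": "7", "l": "1"}

# Suffixes people append to satisfy "at least one number / special
# character" rules. Constructed list; real rule sets are longer.
COMMON_SUFFIXES = ["", "1", "12", "123", "1234", "!", "1!", "123!",
                   "00", "01", "2019", "2019!", "#1"]


def variants(word):
    """Yield every combination of case and leet substitution for `word`.

    Each letter may stay as is, be upper-cased, or become one of its leet
    replacements, so the result is the cartesian product over positions.
    """
    choices = []
    for ch in word.lower():
        opts = {ch, ch.upper()} if ch.isalpha() else {ch}
        opts.update(LEET.get(ch, ""))
        choices.append(sorted(opts))
    for combo in itertools.product(*choices):
        yield "".join(combo)


def candidates(word, suffixes=COMMON_SUFFIXES):
    """All 'complex' passwords an attacker would derive from one base word."""
    return [v + s for v in variants(word) for s in suffixes]


def guess_rank(target, word):
    """1-based position of `target` in the candidate list, or None if the
    rules do not reach it. A small rank means the password falls early."""
    for rank, cand in enumerate(candidates(word), start=1):
        if cand == target:
            return rank
    return None


def successors(old):
    """Likely next passwords when a user 'rotates' by tweaking the old one.

    Covers the most common habits: increment the trailing number (keeping
    its width, so 00 -> 01 and 2018 -> 2019) and append a digit or symbol.
    """
    out = []
    m = re.match(r"^(.*?)(\d+)(\D*)$", old)
    if m:
        head, digits, tail = m.groups()
        bumped = int(digits) + 1
        out.append(f"{head}{bumped:0{len(digits)}d}{tail}")
    stripped = old.rstrip("!#$")
    for s in ("1", "!", "1!", "01", "2", "#"):
        out.append(old + s)
        out.append(stripped + s)
    return list(dict.fromkeys(out))  # de-duplicate, preserve order


if __name__ == "__main__":
    pool = candidates("password")
    print(f"{len(pool)} candidates derived from 'password'")
    print("P@ssW0rd123! ranks at", guess_rank("P@ssW0rd123!", "password"))
    print("After IloveMonkeyz00, try:", successors("IloveMonkeyz00")[:5])
```

The whole “complex” family of the word password is under forty thousand guesses here, which is a rounding error for any offline cracking rig, and the successor list puts “IloveMonkeyz01” first. That is the practical meaning of both mistakes: the rules produce passwords that look strong to a human and are trivial to a program.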
The Better Solution
Instead of trying to remember a series of complicated passwords for all of your online accounts, the best solution is to employ a password manager like Dashlane. Password managers take the memorization frustration out of your individual accounts by loading all of those complicated passwords into one encrypted vault that you unlock with a single master password. Because every site can then get its own long, randomly generated password, a breach at one site no longer exposes the others, and nothing you choose follows a predictable pattern an attacker can guess. The master password is the one password you still have to remember for as long as you use the manager, and it is also the single key to everything inside, so it deserves more care than any individual password: make it a long passphrase of several unrelated words that is unique to you and would be very difficult for anyone else to guess, never reuse it anywhere else, and turn on the manager’s second-factor protection if it offers one. Whenever you want to sign in to one of your other accounts, you only need the master password, which unlocks the vault and fills in the correct user name and password for that site.
