Counselling people to use complicated passwords may not have been the best advice.

Photo Credit: Damian Dovarganes/AP Photo/file

Password advice changes, made easier to follow

The man who got us all to use very complicated passwords 14 years ago has changed his mind and now suggests we use passwords that are longer but easier to remember.

Burr regrets advice

Bill Burr was working for the U.S. government when he came up with password guidelines in 2003. He advised people to combine uppercase and lowercase letters with numbers and symbols to make passwords harder to crack, and he advised that passwords be reset every 90 days.

Now Burr has told the Wall Street Journal he regrets much of his advice. Instead, he says people should find longer passwords made of words or phrases that are easy to remember. There should be a different one for each application and they don’t need to be changed unless they are breached.
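An added illustration of the trade-off described above (not from the article or from Burr's guidelines): it compares the guessing space of a short rule-compliant password with that of a longer passphrase, and shows that passing a composition rule says nothing about strength. The character-class sizes, the 7776-word list size and the guess rate are assumptions.

```python
import math
import string

# Constructed assumptions (not from the article): the 2003-style rule requires
# 8+ characters drawn from all four classes of the 94 printable ASCII symbols;
# a passphrase draws each word uniformly at random from a 7776-word list.
ALPHABET_SIZE = len(string.ascii_letters + string.digits + string.punctuation)  # 94
WORDLIST_SIZE = 7776

def meets_2003_rule(password: str) -> bool:
    """Burr-era composition rule: at least 8 characters, one of each class."""
    classes = (string.ascii_lowercase, string.ascii_uppercase,
               string.digits, string.punctuation)
    return len(password) >= 8 and all(any(c in cls for c in password) for cls in classes)

def complex_password_bits(length: int, alphabet_size: int = ALPHABET_SIZE) -> float:
    """Entropy in bits of `length` characters, each picked uniformly at random."""
    return length * math.log2(alphabet_size)

def passphrase_bits(words: int, wordlist_size: int = WORDLIST_SIZE) -> float:
    """Entropy in bits of `words` words, each picked uniformly at random.
    A phrase the user composes from memory is weaker than this figure."""
    return words * math.log2(wordlist_size)

def years_to_exhaust(bits: float, guesses_per_second: float) -> float:
    """Worst-case time to try every candidate at a fixed offline guess rate."""
    return 2 ** bits / guesses_per_second / (365 * 24 * 3600)

if __name__ == "__main__":
    rate = 1e10  # assumed offline guess rate against a fast hash (constructed figure)
    for label, bits in [("8-char random complex", complex_password_bits(8)),
                        ("4-word random passphrase", passphrase_bits(4)),
                        ("6-word random passphrase", passphrase_bits(6))]:
        print(f"{label:26s} {bits:5.1f} bits  ~{years_to_exhaust(bits, rate):.1e} years")
    # Rule compliance is not strength: a mutated dictionary word passes the rule,
    # while a six-word phrase with far more entropy fails it.
    print(meets_2003_rule("P@ssw0rd"), meets_2003_rule("correct horse battery staple cold bread"))
```

Eight random characters from the full printable set and four random words come out within a bit of each other; the passphrase only pulls ahead as words are added, which is the sense in which "longer but easier to remember" is a sound trade.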

Some phones have built-in software to manage passwords.

Frustration leads to bad practices

“I’m sure that in your experience you’ve found that changing them often is a real problem,” says David Gerhard, a professor of computer science at the University of Regina. “Because when people are forced to change passwords they don’t really know what the new password should be. They try to find something that fits the rules and they can’t. And then they eventually find something and then they just write it down. And writing down a password is a very bad idea.”

Some people actually post their new passwords on their computer. Gerhard says: “The other thing people will do is use the same password everywhere, which is a really, really bad idea.”


Two steps are more secure

What is now very much favoured is two-factor authentication. That is a process where users must first type in a password and then do something else to identify themselves. They might answer a personal question or have a code sent to their cell phone, which they then enter. These are seen as more secure methods.

Gerhard also suggests that people use password management software such as the managers built into Apple and Google phones. These require the user to remember only one password. There are also third-party systems which, for a fee, will save passwords and generate new ones. The stored passwords are kept behind a single master password for the user, and everything is encrypted.

One such system, OneLogin, was hacked in June, but Gerhard says they are generally well-protected.
