Forget What You Know About Password Security and Do This Instead

Written by rtslabs | Published 2017/09/13
Tech Story Tags: security


Managing your passwords can be extremely frustrating. And the requirements for making up a secure password are hard to keep up with, too. Use at least one uppercase letter, a special character, a number, your astrological sign, and the name of your unborn child (just kidding — we think). The point is, all these requirements make your password almost impossible to remember. By the time you’ve entered this extremely complicated password enough times to remember it, it’s time to change it again!

It’s not just you. Creating and managing passwords is frustrating. The man we can thank for that has recently admitted that “Much of what I did I now regret.” Bill Burr, former National Institute of Standards and Technology manager, is the person responsible for writing the password guidelines we’ve all come to know.

The good news is that the National Institute of Standards and Technology (NIST) recently revised the guidelines for creating passwords and they are much, much simpler. Paul Grassi, senior standards and technology adviser at NIST, told NPR, “The traditional guidance is actually producing passwords that are easy for bad guys and hard for legitimate users.”

The New Guidelines

What does this mean for passwords? Well, for starters, there’s no need for special characters or a mix of uppercase and lowercase letters. Passwords should be simple, long, and easy to remember. Believe it or not, following this formula makes it harder for hackers to guess your password.

Here are some tips:

  • Use common English words.
  • Avoid repetitive or sequential characters (e.g., 1234, wxyz).
  • Get rid of password hints and password reset questions — they’re trouble.
  • Use a password manager.
  • No need to change your password unless it has been compromised.
  • Make your password at least 8 characters long — but the longer the better when it comes to passwords (think: long nonsense phrases, such as “carpetsunshinedog”).
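As an added example (not part of the original post), here is a small server-side check that turns these tips into code: a length minimum with no composition rules, rejection of repetitive or sequential runs, and a match against a blocklist of common passwords that also catches leet-style variations of “password”. The tiny blocklist, the 64-character upper bound and the leet map are assumptions for the example.

```python
"""NIST-style password policy check (added example, not from the article)."""
import re
import unicodedata

MIN_LENGTH = 8
MAX_LENGTH = 64  # assumption: allow long passphrases without accepting unbounded input

# Constructed sample blocklist; a real deployment would load a large breached-password corpus.
COMMON_PASSWORDS = {"password", "qwerty", "letmein", "123456", "iloveyou"}

# Assumed leet substitutions so "P@ssw0rd" is recognised as a variation of "password".
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a", "5": "s", "7": "t", "@": "a", "$": "s"})


def has_repetition(pw: str, run: int = 3) -> bool:
    # The same character repeated `run` or more times, e.g. "aaa" or "111".
    return re.search(r"(.)\1{%d,}" % (run - 1), pw) is not None


def has_sequence(pw: str, run: int = 4) -> bool:
    # Ascending or descending code-point runs of length `run`, e.g. "1234", "wxyz", "dcba".
    s = pw.lower()
    for i in range(len(s) - run + 1):
        deltas = {ord(s[j + 1]) - ord(s[j]) for j in range(i, i + run - 1)}
        if deltas == {1} or deltas == {-1}:
            return True
    return False


def is_common(pw: str) -> bool:
    # NFKC-normalise and lowercase, then compare the raw, de-leeted and letters-only forms
    # so "password123!" and "P@ssw0rd" both match the blocklist entry "password".
    lower = unicodedata.normalize("NFKC", pw).lower()
    candidates = {lower, lower.translate(LEET)}
    candidates |= {re.sub(r"[^a-z]", "", c) for c in list(candidates)}
    return any(c in COMMON_PASSWORDS for c in candidates)


def check_password(pw: str) -> list:
    """Return the reasons a password is rejected; an empty list means it is accepted.
    Deliberately no uppercase/digit/symbol requirements, per the revised guidance."""
    problems = []
    if len(pw) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    if len(pw) > MAX_LENGTH:
        problems.append(f"longer than {MAX_LENGTH} characters")
    if has_repetition(pw):
        problems.append("contains a repeated-character run")
    if has_sequence(pw):
        problems.append("contains a sequential run such as 1234 or wxyz")
    if is_common(pw):
        problems.append("is a common or breached password (or a variation of one)")
    return problems
```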

And yes, “password” — and every variation of it — is still not acceptable.

Check out the full set of guidelines at the NIST website.

Originally published at rtslabs.com on August 25, 2017.


Published by HackerNoon on 2017/09/13