Everything We've Been Told About Online Passwords Is Wrong

You’ve probably followed this go-to password strategy countless times online: a letter, number, at least one uppercase letter and a special character.

But the person that helped spread this doctrine is now walking it back, saying it’s largely been ineffective.

“Much of what I did I now regret,” said Bill Burr — not the comedian — told the Wall Street Journal in an interview published Monday. “It just drives people bananas and they don’t pick good passwords no matter what you do.”

The 72-year-old outlined what has become password Gospel while working for the National Institute of Standards and Technology in 2003. Burr suggested the numbers-letters-special character combo in an eight-page manifesto titled “NIST Special Publication 800-63. Appendix A,” and recommended users change their info every 90 days.

Also Read: Why Steve Jobs' Widow Is the Latest Tech Giant to Purchase a Major Publication

Instead of safeguarding accounts, the strategy backfired. The formula became a nuisance to users; they’d make small, negligible changes to their passwords that were easy to guess by hackers. Burr was under pressure to publish something quick, he said, and had little to lean on for research beyond a paper written in the 1980s.

“In the end, it was probably too complicated for a lot of folks to understand very well, and the truth is, it was barking up the wrong tree,” said Mr. Burr to WSJ.

Now, NIST is scrapping Burr’s suggestions altogether.

“We ended up starting from scratch,” said Paul Grassi, a standards and tech adiser at NIST.

According to Grassi, the widespread password outline spread by Burr “actually had a negative impact on usability. ” Grassi led a two-year revamp of NIST’s suggestion, and published its updated commandments in June.

The new NIST suggestions strip away the 90-day password time limit and jettison special character requirements. Long but easy-to-remember phrases, rather than funky amalgams of letters and numbers, are the way to go, per NIST.

6 Tech Giants Shaking Up News, From Jeff Bezos to Laurene Powell Jobs (Photos)

Tech leaders are increasingly intertwined with the news business. While some want to support old properties, one set out to destroy a new one. Here they are.
Jeff Bezos – Washington Post

The Amazon founder purchased the Washington Post in 2013 for $250 million in cash. President Trump has called the paper the “Amazon Washington Post.”

Also Read: Important Update: Amazon’s Jeff Bezos Isn’t World’s Richest Person Anymore
Getty
Chris Hughes - The New Republic

The Facebook co-founder purchased The New Republic in 2012, becoming executive chairman and publisher. However, he sold the venerable political magazine to Win McCormack in 2016, saying he "underestimated the difficulty of transitioning an old and traditional institution into a digital media company in today’s quickly evolving climate."

Also Read: NY Post Roasts Trump White House With Epic Cover, Evokes CBS’ ‘Survivor’ (Photo)
Getty
Pierre Omidyar - The Intercept

The eBay founder is a well-known philanthropist who created First Look Media, a journalism venture behind The Intercept. Inspired by Edward Snowden's leaks. Omidyar teamed up with journalists Glenn Greenwald, Jeremy Scahill and Laura Poitras to launch the website “dedicated to the kind of reporting those disclosures required: fearless, adversarial journalism.”

Also Read: Former Intercept Journalist Arrested for Bomb Threats on Jewish Sites
Getty
Peter Thiel

The PayPal co-founder doesn’t own a news organization, but he makes this list because he essentially ended one -- Gawker -- proving once again the power of an angry billionaire. Thiel secretly bankrolled Hulk Hogan’s sex-tape lawsuit against Gawker Media because he was upset that the website once outed him as gay. Hogan won the defamation lawsuit against the site that sent its parent company into bankruptcy, and Gawker.com is no longer operating.

Also Read: Gawker Media to Sell Flagship Site, Hulk Hogan to Receive 45 Percent of Proceeds
Getty
Mark Zuckerberg – Facebook

OK, so Facebook isn’t technically a news organization… yet. However, the company is preparing to launch its much-anticipated lineup of original content later this summer, and there are also signs that it's on the verge of becoming an even bigger media platform.

Campbell Brown, Head of News Partnerships at Facebook, confirmed last week it’s developing a subscription service for publishers willing to post articles directly to Facebook Instant Articles, rather than their native websites.

Also Read: 3 Ways Facebook Can Jump Into the News Business
Getty

1 of 6

Tech is increasingly intertwined with news, for better or worse

Tech leaders are increasingly intertwined with the news business. While some want to support old properties, one set out to destroy a new one. Here they are.

View In Gallery

6 Tech Giants Shaking Up News, From Jeff Bezos to Laurene Powell Jobs (Photos)

7DAYFREETRIAL

7
DAY
FREE
TRIAL