laptop and woman

You likely have been told that to keep your information secure, you must use complicated passwords filled with random numbers and symbols. But now the man who originally came up with such guidelines for passwords is saying he got it wrong.

Bill Burr, who first became an important voice in password security in 2003 while working for the government, says he now realizes that his original guidance may not keep your passwords safer from hackers.

At the time, Burr, who issued what is considered the “bible” of passwords, advised using capital letters, numbers, and nonalphabetic symbols in passwords. By making the passwords more difficult, he said users would be keeping their data more secure from hackers.

But now he says such difficult-to-remember passwords haven’t improved security. In fact, he says the combinations may have even made computer systems less secure. That’s because users end up using the same password repeatedly or writing them down on sticky notes and attaching them to their screens.

Further, adding numbers or symbols to your passwords won’t make them any less vulnerable to cyber attacks, he now says.

“Much of what I did, I now regret,” Burr, who is now retired, told The Wall Street Journal. “In the end, it was probably too complicated for a lot of folks to understand very well, and the truth is, it was barking up the wrong tree.”

He also said his advice to regularly change passwords was mistaken too because for most people they just alter one character (e.g. “username1” becomes “username2”), which does little to deter hackers.

Password guidelines that were originally issued by Burr from the National Institute for Science and Technology have since been updated.

Users are now advised to use long but easy-to-remember “passphrases,” a string of a few words that they can remember with a visual. The password does not need to have special characters or numbers. For example, using a password like “horsecarrotsaddlestable” would take a much longer time for a cyber attack to decipher than “P@55w0rd,” The Telegraph reports.

Also, one of the best ways to protect yourself from hackers is to use two-factor authentication, which will send a text with a code or use an app to verify a login, security experts say.

So much from the experts.  I hope you find this tip on password helpful in your everyday activities on the web.

Thanks for listening.


Claire Richards REALTOR & Assoc. BROKER

Karl Zimmer REALTOR