Are you overwhelmed by having to remember too many passwords? Why do some experts recommend using special characters like %, $, or @? Do you really have to change your password every 90 days? Which password method will keep your accounts and data safe from hackers?
Do you ever just feel like you’ve fallen into the password abyss?
Welcome to a redux of our blog series, “The Great Password Debate!” We first published this series in 2017. As Cybersecurity Awareness Month 2022 will highlight passwords for an entire week, we decided to bring it out of our archives, dust it off, and clean it up a bit. So, let’s explore passwords!
If you’re sick and tired of being sick and tired of keeping up with password complexity advice — which is to say, maintaining dozens of unique special-character passwords that change every 90 days — you’re not alone. Bill Burr, who helped first come up with these password standards for the National Institute of Standards and Technology (NIST), is right there in the password abyss with you:
“I have maybe 200 passwords. I can’t remember all those obviously […] It’s probably better to do fairly long passwords that are phrases or something like that that you can remember than to try to get people to do lots of funny characters.”
Currently, most authenticators make users create a combination of numbers, letters and symbols for a “safe” password. However, Mr. Burr has stated recently that he believes making passwords more complicated is NOT the best way to protect your information. He now recommends longer, simpler, and more unique phrases—and, apparently, so do the NIST standards.
So, what are you to do? Go with the tried-and-true methods of the past ten years, or step out with NIST’s recommended password approach? In this blog series, we’ll delve into this issue, presenting various password rules and seeing how they compare with the latest suggestions from security experts. It promises to be a very L1v3LY D38473.