Tuesday, December 17, 2019

Scrap everything you know about strong passwords and do this instead

You know the drill: make a password with a hodgepodge of special characters, numbers, and letters, then change it periodically or just ignore change alerts until a hacking scandal suddenly arises.

You may want to rethink your strategy.

Bill Burr, the man behind how we commonly think of devising passwords, recently told The Wall Street Journal, "much of what I did I now regret."

The password creation shakeup

The retired 72-year-old was reportedly a manager at The National Institute of Standards and Technology (NIST) back in 2003 when he wrote "NIST Special Publication 800-63. Appendix A," featuring the password guides we've held true for years now.

According to The Wall Street Journal, this included, namely, the rule that passwords should be a combination of numbers, special characters, and uppercase letters, which you change every 90 days.

Why is Burr changing his tune years later?

He reportedly had to produce the rules quickly and wanted them to be based on research, but he had no empirical data on computer-password security. So he turned to a white paper from the 1980s.

Burr told The Wall Street Journal that his advice has led people astray because those rules were probably too challenging for many to understand and caused people to use passwords that were not too difficult to crack.

In June, the NIST released new guidelines, which don't call for special characters or changing passwords frequently anymore. Instead, the NIST says the rules now preach long, easy-to-remember phrases and just coming up with new ones if there is a sign they may have been stolen.

An xkcd comic by Randall Munroe from August 2011 shows that figuring out the password "Tr0ub4dor3" would take three days, according to the cartoonist's calculations, compared to the words "correct horse battery staple" typed as a single word, which would take a staggering 550 years to solve. Computer-security specialists found this to be true.

Be careful changing passwords

You may also want to rethink how often you update your password. This practice can place us at risk if we take the wrong approach. When we repeatedly change passwords, we don't always change them properly.

Professor Alan Woodward of the University of Surrey told BBC News that NIST publications have a far reach, giving the rules a long-lasting impact. But he also mentioned a rather unfortunate effect:

"For example, the more often you ask someone to change their password, the weaker the passwords they typically choose. . . . And, as we have all now so many online accounts, the situation is compounded so it encourages behaviours such as password reuse across systems."

Steer clear of these password options

So if you're looking to change your password soon, don't pick these.

SplashData, which supplies password management applications, released the 2015 version of its "Worst Passwords List."

Here are the top 10 worst ones featured:

1. 123456
2. password
3. 12345678
4. qwerty
5. 12345
6. 123456789
7. football
8. 1234
9. 1234567
10. baseball

Morgan Slain, CEO of SplashData, commented on the findings in a statement.

"We have seen an effort by many people to be more secure by adding characters to passwords, but if these longer passwords are based on simple patterns they will put you in just as much risk of having your identity stolen by hackers. As we see on the list, using common sports and pop culture terms is also a bad idea. We hope that with more publicity about how risky it is to use weak passwords, more people will take steps to strengthen their passwords and, most importantly, use different passwords for different websites."

Embracing the new way of thinking when it comes to passwords just might keep your online accounts out of harm's way.
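
For anyone implementing a sign-up or password-change form along the lines described above, here is an added example (not from the article, NIST or SplashData) of an acceptance check with a length floor, a blocklist and simple-pattern rejection, and no character-class or expiry rule. The blocklist is the ten entries listed above; the 8-character minimum, the function names and the pattern heuristics are assumptions made for this sketch.

```python
import re

# The ten entries from the SplashData 2015 list quoted in the article.
WORST_2015 = {"123456", "password", "12345678", "qwerty", "12345",
              "123456789", "football", "1234", "1234567", "baseball"}
MIN_LENGTH = 8  # assumption: length floor chosen for this example
KEYBOARD_ROWS = ("qwertyuiop", "asdfghjkl", "zxcvbnm", "1234567890")


def _is_run(s):
    """True if every character is exactly one step above (or below) the previous."""
    steps = {ord(b) - ord(a) for a, b in zip(s, s[1:])}
    return len(s) > 1 and steps in ({1}, {-1})


def _is_keyboard_walk(s):
    """True if the whole string is a slice of one keyboard row, in either direction."""
    return any(s in row or s[::-1] in row for row in KEYBOARD_ROWS)


def _strip_padding(pw):
    """Drop leading/trailing digits and symbols: 'football1!' -> 'football'."""
    return re.sub(r"^[\W\d_]+|[\W\d_]+$", "", pw)


def check_password(pw):
    """Return a list of rejection reasons; an empty list means accepted.

    Deliberately absent: required character classes and a maximum password age.
    """
    reasons = []
    low = pw.lower()
    if len(pw) < MIN_LENGTH:
        reasons.append("too short")
    # A blocklisted word with characters bolted on is still the blocklisted word.
    if low in WORST_2015 or _strip_padding(low) in WORST_2015:
        reasons.append("common password")
    # Length alone does not help when the password is one simple pattern.
    if len(set(low)) == 1 or _is_run(low) or _is_keyboard_walk(low):
        reasons.append("simple pattern")
    return reasons
```

A real deployment would swap the ten-entry set for a large breached-password corpus and would force a change only when there is a sign the password may have been stolen.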
