The password nightmare: Simple, complicated or passphrases
Experts these days now suggest that using a simple series of words can be harder to crack, than a shorter, stranger formation of characters.
In order to authentic yourself to systems, you are required to enter a password. In theory, this password proves to the system that you are yourself – be it anywhere: Facebook, Twitter or Gmail. But it has become an irritant in today’s online life as choosing the right password can get tedious. Back in 2003, Manager of the National Institute of Standards and Technology (NIST), Bill Burr published an 8-page primer, advising people to protect their accounts with passwords consisting of awkward formation of words with unpredictable characters, signs and numbers and even change them on a regular basis, in order to ensure its strength. This book on password management soon became the go-to guide on password security. Fourteen years later, Burr has come to a conclusion that his guidance was totally wrong.
“Much of what I did I now regret,” 72-year-old Burr, who is now retired told the Wall Street Journal. His advice of changing one’s password every 90 days stands largely incorrect, as most people usually make minor changes, such as altering one or two characters, which are very easy to guess. For example, changing from ‘Pa$$word1,’ to ‘Pa$$word2.’ When Burr initially published the guidance, he did not have access to real-world password data. He tried approaching NIST, with a request to access actual passwords on their networks but they refused. “In the end, it was probably too complicated for a lot of folks to understand very well, and the truth is, it was barking up the wrong tree,” he explains.
Experts these days now suggest that using a simple series of words can be harder to crack, than a shorter, stranger formation of characters. Authorities even began advising companies to stop resetting their passwords, citing the inconvenience that the whole process created. US-based NIST’s password guidelines have now received a thorough update. People are now being advised to use long but easy-to-remember ‘passphrases,’ that does not necessarily feature special characters or numbers. For example, ‘rabbitcarrotstablesaddle,’ would be much harder to crack compared to, ‘P@55w0rd.’ Moreover, users are advised to change their passwords only if there is a sign that indicates that the passwords might have been stolen. "By simplifying your organisations approach to passwords, you can reduce the workload on users, lessen the support burden on IT departments, and combat the false sense of security that unnecessarily complex passwords can encourage" Ciaran Martin, Director General for Government and Industry Cyber Security.
Pick the right password
Avoid refusing passwords: You obviously have more than just one account. It’s generally advisable to choose different passwords for different accounts in order to ensure maximum security.
Don’t combine upper/lower case: For years, users are advised to combine upper and lower case characters and form their passwords. But, it is discovered that they are more easily cracked than you can imagine.
String a few words together: Choosing a longer password does not mean you must make use of a word that has more characters. Instead, string a few words together, such as “bananamilkshakeisthebest.”
Use a password manager: There are a lot of reliable options online that you can choose from, in order to generate secure passwords. They come handy especially if you don’t want to spend too much time selecting the right password.