Trying to remember a password is frustrating and time-consuming, especially when you have to go through the “Forgot Password” reset process. The more complex the password is, the harder it is to store it in your memory bank. This is why many people choose easier, less complicated passwords to use on their accounts.

Well, the 72-year-old man who created the nationwide standard password guidelines now admits that they were nonsense and that they won’t prevent us from being hacked.

In 2003, Burr wrote up a series of password security guidelines for the National Institute of Standards and Technology. The paper, which lives today as “NIST Special Publication 800-63 Appendix A,” is a lengthy explanation of why non-standard words with random characters, capital letters, and a sprinkling of numbers should be considered the default for digital passwords.

Burr’s stance on the entire situation has changed quite a bit since then, and in a recent interview with the Wall Street Journal he admits that he approached the issue in the wrong way. “In the end, it was probably too complicated for a lot of folks to understand very well, and the truth is, it was barking up the wrong tree,” the 72-year-old Burr now says. “It just drives people bananas and they don’t pick good passwords no matter what you do.”

Pushing people to secure their accounts with unique and private logins is always a good move, but the result of Burr’s writing and the subsequent adoption of complex password systems is that most people just pick something short and memorable that satisfies the criteria, making them easy targets for brute-force hacks.

“Much of what I did I now regret,” Burr says. That’s definitely something you don’t want to hear from someone who influenced the security of your online bank account and medical records. (via BGR)
