We all use passwords for security purposes. How should they be composed? Following is an article that recently appeared in the Wall Street Journal. If you read it, then you can decide if you should or want to change your passwords.
I volunteer at the Prescott Library helping people with questions/issues with their Apple products, and password problems (forgotten, mostly) account, I bet, for over half the problems people are having.
Jim Hamm
Never Mind Old Password Rules…
Expert who touted mixing letters, digits, symbols now regrets it
Wall Street Journal, 8/8/17, p. A-1
By Robert McMillan
“The man who wrote the book on password management [now says]: He blew it… Back in 2003, as a midlevel manager at the National Institute of Standards and Technology, Bill Burr was the author of ‘NIST Special Publication 800-63, Appendix A.’ The 8-page primer advised people to protect their accounts by inventing… new words… with obscure characters, capital letters and numbers—and to change them regularly. The document became… the go-to guide for federal agencies, universities and large companies looking for a set of password-setting rules to follow…
“The problem is the advice ended up largely incorrect, Mr. Burr says. Change your password every 90 days? Most people make minor changes that are easy to guess… Also off the mark: demanding a letter, number, uppercase letter and special character such as an exclamation point or question mark… ‘Much of what I did I now regret,’ said Mr. Burr, 72 years old, who is now retired… In June, Special Publication 800-63 got a thorough rewrite, jettisoning the worst of these password commandments… The new guidelines… drop the password-expiration advice and the requirement for special characters… Long, easy-to-remember phrases [are now recommended] over crazy characters, and users should be forced to change passwords only if there is a sign they may have been stolen, says NIST, the federal agency that helps set industrial standards in the U.S….”
“Academics who have studied passwords say using a series of four words can be harder for hackers to crack than a shorter hodgepodge of strange characters… In a widely circulated piece, [it was] calculated it would take 550 years to crack the password ‘correct horse battery staple,’ all written as one word. The password Tr0ub4dor&3—a typical example of a password using Mr. Burr’s old rules—could be cracked in three days, according to… calculations, which have been verified by computer-security specialists…”
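To make the "550 years versus three days" comparison concrete, here is an added Python example (not from the article or from Jim's post) that works the arithmetic both ways and then contrasts the two password policies the article describes. The attacker rate of 1,000 guesses per second, the 2048-word list, the per-ingredient bit budget for the Tr0ub4dor&3 pattern (taken from the widely circulated comparison the article refers to) and the minimum length of 8 are all assumptions of this example, as is the small hard-coded set of already-exposed passwords.

```python
import math
import re

# Assumed attacker rate: 1,000 guesses per second. At that rate 2**44 guesses take
# about 550 years and 2**28 about three days, the figures the article quotes.
GUESSES_PER_SECOND = 1_000
SECONDS_PER_DAY = 24 * 3600
SECONDS_PER_YEAR = 365.25 * SECONDS_PER_DAY


def passphrase_bits(word_count: int, wordlist_size: int = 2048) -> float:
    """Entropy of a passphrase whose words are drawn uniformly at random from a
    list of `wordlist_size` words (2048 words = 11 bits per word)."""
    return word_count * math.log2(wordlist_size)


# Assumed entropy budget for a 'Tr0ub4dor&3'-style password, following the widely
# circulated estimate the article refers to: the attacker knows the recipe, so each
# ingredient only adds the bits needed to choose among its few variants.
LEET_PATTERN_BITS = {
    "uncommon base word": 16,
    "capitalisation": 1,
    "common letter-to-digit swaps": 3,
    "appended numeral": 3,
    "punctuation mark": 4,
    "order of numeral and punctuation": 1,
}


def leet_password_bits() -> int:
    """Size of the search space (as a power of two) for the old-rules pattern."""
    return sum(LEET_PATTERN_BITS.values())


def crack_time_seconds(bits: float) -> float:
    """Time to exhaust every 2**bits candidate at the assumed guess rate."""
    return 2 ** bits / GUESSES_PER_SECOND


def crack_time_days(bits: float) -> float:
    return crack_time_seconds(bits) / SECONDS_PER_DAY


def crack_time_years(bits: float) -> float:
    return crack_time_seconds(bits) / SECONDS_PER_YEAR


def meets_old_rules(pw: str) -> bool:
    """The 2003-era composition rule: at least 8 characters containing a lowercase
    letter, an uppercase letter, a digit and a special character."""
    return all([
        len(pw) >= 8,
        re.search(r"[a-z]", pw),
        re.search(r"[A-Z]", pw),
        re.search(r"\d", pw),
        re.search(r"[^A-Za-z0-9]", pw),
    ])


def meets_new_rules(pw: str, compromised: set, min_length: int = 8) -> bool:
    """The rewritten guidance as the article summarises it: a length floor, no
    composition requirements, no scheduled expiry, and rejection only when there
    is a sign the password is already compromised. `min_length` is assumed."""
    return len(pw) >= min_length and pw not in compromised


# Constructed sample of passwords that have already been exposed; a real deployment
# would screen against a breach corpus rather than a hard-coded set.
KNOWN_COMPROMISED = {"Password1!", "Summer2017!", "Qwerty123$"}


if __name__ == "__main__":
    for label, bits in (("correct horse battery staple", passphrase_bits(4)),
                        ("Tr0ub4dor&3", leet_password_bits())):
        print(f"{label:30s} {bits:5.1f} bits  "
              f"{crack_time_days(bits):10.1f} days  {crack_time_years(bits):8.1f} years")
    for pw in ("correct horse battery staple", "Tr0ub4dor&3", "Password1!"):
        print(f"{pw:30s} old rules: {meets_old_rules(pw)!s:5}  "
              f"new rules: {meets_new_rules(pw, KNOWN_COMPROMISED)}")
```

The point the table makes is the one the article makes: the four-word phrase fails the old composition rule yet carries 44 bits, while Tr0ub4dor&3 satisfies every old requirement and carries about 28. The new-rules check also rejects a password like Password1! that the old rule would happily accept, because it is already in the exposed set.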