Thursday, March 4

Everything you knew about passwords might be wrong


Digital security is important and one of the most basic ways of protecting yourself is by setting secure passwords on your devices and accounts. When setting up a password, there have been certain rules that many of us have abided by, including using a combination of numbers, letters and special characters. Well, according to Bill Burr, the man who originally came up with the password rules that we, he admits that his advice might have been incorrect.

In an interview with The Wall Street Journal, Burr says that things like changing your password every 90 days don't work, because most people end up making minor changes to their existing passwords, such as changing P@ssword to P@ssw0rd1, which does little to keep hackers at bay. Using a combination of letters, numbers, upper case letters and special characters is also a no-no.

Experts at the National Institute of Standards and Technology (NIST) have published a new set of recommendations for creating secure passwords. Here are some of the do's and don'ts:


  • Make your password at least 8 characters long. 
  • Consider making it even longer. The NIST says that service providers (websites and platforms) should allow passwords of up to 64-characters. This might seem like an impossibly lengthy password to remember but actually allows you the opportunity to create passphrases (a sequence of words such as RickAndMortyIsBetterThanGameOfThrones) which are more difficult to crack.
  • Make your password as long as you’d like (within reason of course).
  • Use a password manager. There are many password managers available such as LastPass, Dashlane, RoboForm and TrueKey.


  • Use special characters. All those @’s, $’s, and &’s that you’ve used religiously as password requirements, get rid of them. You don’t need them anymore. They only make it harder to remember your actual password, and in reality they don’t actually make it any stronger.
  • Use password hints. Password hints are trouble because they make it easier for strangers to guess your password, so don’t use them.
  • No more password reset questions. “What was the name of your first pet” is not exactly the most difficult thing to find out, yet that’s exactly what some services require for a password reset. Skip them.
  • Use repetitive or sequential characters. Things like “123467” and “bbbbbbbbb” have to go.
  • Make your password the name of the service. If your Netflix password is “yournameNetflix” then you’re doing it wrong. Don’t use the name – or any derivation of it – in your password.
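The rules above are easier to reason about as a server-side policy check. The following is an added example, not code from the article or from NIST: it accepts a password only on length, repetition, sequence and service-name grounds, and deliberately imposes no "must contain a special character" rule. The thresholds (`MIN_LEN`, `MAX_LEN`, `RUN_LEN`), the leetspeak map and the tiny `BANNED` word list are assumptions made for the example; a real deployment would use a breached-password list in place of `BANNED`.

```python
import re

# Thresholds and word list below are assumptions for this example, not from the article.
MIN_LEN = 8        # article: at least 8 characters
MAX_LEN = 64       # article: services should accept passwords up to 64 characters
RUN_LEN = 4        # a repeated or sequential run this long or longer is rejected
BANNED = {"password", "qwerty", "letmein"}   # constructed stand-in for a breached-password list

# Undo common substitutions so "P@ssw0rd1" is still seen as "password" and "N3tfl1x" as "netflix".
LEET = str.maketrans({"@": "a", "0": "o", "1": "i", "!": "i", "3": "e",
                      "4": "a", "$": "s", "5": "s", "7": "t"})

def normalize(s):
    """Lower-case and undo the substitutions above."""
    return s.lower().translate(LEET)

def has_repetitive_run(pw, n=RUN_LEN):
    """True if one character repeats n or more times in a row, e.g. 'bbbbbbbbb'."""
    return re.search(r"(.)\1{%d,}" % (n - 1), pw) is not None

def has_sequential_run(pw, n=RUN_LEN):
    """True if n or more neighbouring characters step by exactly +1 or -1, e.g. '1234' or 'dcba'."""
    for i in range(len(pw) - n + 1):
        chunk = pw[i:i + n]
        steps = {ord(b) - ord(a) for a, b in zip(chunk, chunk[1:])}
        if steps == {1} or steps == {-1}:
            return True
    return False

def check_password(pw, service_name):
    """Return the policy violations for pw; an empty list means it is accepted."""
    problems = []
    norm = normalize(pw)
    if len(pw) < MIN_LEN:
        problems.append("too short")
    if len(pw) > MAX_LEN:
        problems.append("too long")
    if has_repetitive_run(pw):
        problems.append("repetitive characters")
    if has_sequential_run(pw):
        problems.append("sequential characters")
    if normalize(service_name) in norm:
        problems.append("contains service name")
    if any(word in norm for word in BANNED):
        problems.append("common password")
    # Deliberately no rule demanding digits, upper case or special characters.
    return problems

if __name__ == "__main__":
    for pw in ["RickAndMortyIsBetterThanGameOfThrones", "P@ssw0rd1", "123467", "yournameNetflix"]:
        print(pw, "->", check_password(pw, "Netflix") or "OK")
```

Note that the passphrase from the article passes with no special characters at all, while "P@ssw0rd1" is caught only because the leetspeak normalization maps it back onto a banned word.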
