In 2003, Bill Burr, a manager at the U.S. National Institute of Standards and Technology, wrote an 8-page paper titled "NIST Special Publication 800-63. Appendix A." That document — which suggested people come up with obscure passwords with capital and lower-case letters plus symbols and change their passwords often — became the cornerstone of corporate password management and internet security conventional wisdom for more than a decade. Now, Burr, 72 and retired, has a confession and an apology, The Wall Street Journal reports. "Much of what I did I now regret," he said.
When he wrote those guidelines, Burr tried to find empirical data to base his recommendations on, but there wasn't any available; he also says he was under pressure to complete his paper quickly. But thanks to years of massive hacks and leaked passwords, researchers can see what kind of passwords people are using, and it turns out, people aren't as clever or original as they think. "Changing Pa55word!1 to Pa55word!2 doesn't keep the hackers at bay," notes the Journal's Robert McMillan.
Subscribe to The Week
Escape your echo chamber. Get the facts behind the news, plus analysis from multiple perspectives.
Sign up for The Week's Free Newsletters
From our morning news briefing to a weekly Good News Newsletter, get the best of The Week delivered directly to your inbox.
From our morning news briefing to a weekly Good News Newsletter, get the best of The Week delivered directly to your inbox.
-
5 sunny-side up cartoons about egg pricesCartoons Artists take on inflated prices, double standards, and more
-
'Swimming in the sky' in northern BrazilThe Week Recommends The pools of Lençóis Maranhenses are clear and blue
-
An ailing Pope Francis – and the vultures circling in the VaticanTalking Point Caught between his progressive inner circle and an influx of conservatism, the Holy Father should 'brace' himself for a battle
-
Chinese AI chatbot's rise slams US tech stocksSpeed Read The sudden popularity of a new AI chatbot from Chinese startup DeepSeek has sent U.S. tech stocks tumbling
-
US port strike averted with tentative labor dealSpeed Read The strike could have shut down major ports from Texas to Maine
-
Biden expected to block Japanese bid for US SteelSpeed Read The president is blocking the $14 billion acquisition of U.S. Steel by Japan's Nippon Steel, citing national security concerns
-
Judges block $25B Kroger-Albertsons mergerSpeed Read The proposed merger between the supermarket giants was stalled when judges overseeing two separate cases blocked the deal
-
Rupert Murdoch loses 'Succession' court battleSpeed Read Murdoch wanted to give full control of his empire to son Lachlan, ensuring Fox News' right-wing editorial slant
-
Bitcoin surges above $100k in post-election rallySpeed Read Investors are betting that the incoming Trump administration will embrace crypto
-
Enron mystery: 'sick joke' or serious revival?Speed Read 23 years after its bankruptcy filing, the Texas energy firm has announced its resurrection
-
US charges Indian tycoon with bribery, fraudSpeed Read Indian billionaire Gautam Adani has been indicted by US prosecutors for his role in a $265 million scheme to secure solar energy deals
