The man responsible for most of your password headaches was wrong, and he's sorry
In 2003, Bill Burr, a manager at the U.S. National Institute of Standards and Technology, wrote an 8-page paper titled "NIST Special Publication 800-63. Appendix A." That document — which suggested people come up with obscure passwords with capital and lower-case letters plus symbols and change their passwords often — became the cornerstone of corporate password management and internet security conventional wisdom for more than a decade. Now, Burr, 72 and retired, has a confession and an apology, The Wall Street Journal reports. "Much of what I did I now regret," he said.
When he wrote those guidelines, Burr tried to find empirical data to base his recommendations on, but there wasn't any available; he also says he was under pressure to complete his paper quickly. But thanks to years of massive hacks and leaked passwords, researchers can see what kind of passwords people are using, and it turns out, people aren't as clever or original as they think. "Changing Pa55word!1 to Pa55word!2 doesn't keep the hackers at bay," notes the Journal's Robert McMillan.
In June, NIST published a revised version of Burr's document, with much of his advice excised. After expecting to do a light edit, "we ended up starting from scratch," says Paul Grassi, who led the two-year review and rewrite. Now, the best practice is to come up with a long and easy-to-remember password and change it only if there's evidence of a security breach. In a widely shared cartoon, Randall Munroe accurately estimated that a Burr-type password like "Tr0ub4dor&3" could be cracked in three days, while four common words jammed together — "correcthorsebatterystaple" — would take 550 years to crack. You can go change your passwords now, and read more at The Wall Street Journal.
Peter has worked as a news and culture writer and editor at The Week since the site's launch in 2008. He covers politics, world affairs, religion and cultural currents. His journalism career began as a copy editor at a financial newswire and has included editorial positions at The New York Times Magazine, Facts on File, and Oregon State University.