In 2003, Bill Burr, a manager at the U.S. National Institute of Standards and Technology, wrote an 8-page paper titled "NIST Special Publication 800-63. Appendix A." That document — which suggested people come up with obscure passwords with capital and lower-case letters plus symbols and change their passwords often — became the cornerstone of corporate password management and internet security conventional wisdom for more than a decade. Now, Burr, 72 and retired, has a confession and an apology, The Wall Street Journal reports. "Much of what I did I now regret," he said.
When he wrote those guidelines, Burr tried to find empirical data to base his recommendations on, but there wasn't any available; he also says he was under pressure to complete his paper quickly. But thanks to years of massive hacks and leaked passwords, researchers can see what kind of passwords people are using, and it turns out, people aren't as clever or original as they think. "Changing Pa55word!1 to Pa55word!2 doesn't keep the hackers at bay," notes the Journal's Robert McMillan.
Subscribe to The Week
Escape your echo chamber. Get the facts behind the news, plus analysis from multiple perspectives.
Sign up for The Week's Free Newsletters
From our morning news briefing to a weekly Good News Newsletter, get the best of The Week delivered directly to your inbox.
From our morning news briefing to a weekly Good News Newsletter, get the best of The Week delivered directly to your inbox.
-
June 22 editorial cartoonsCartoons Sunday’s political cartoons include a SpaceX flight, Bibi pulling Donald Trump toward war, and an ICE agent looking like a bank robber
-
5 bunker-busting cartoons about the Israel-Iran warCartoons Political cartoonists take on Iran waiting for Pete Hegseth to leak war plans and Donald Trump's wish for a Nobel prize
-
Malaysia's delicious food and glorious beachesThe Week Recommends From 'colourful' George Town to the 'jungled interior' of Langkawi, Malaysia is incredibly diverse
-
Economists fear US inflation data less reliablespeed read The Labor Department is collecting less data for its consumer price index due to staffing shortages
-
Crypto firm Coinbase hacked, faces SEC scrutinySpeed Read The Securities and Exchange Commission has also been investigating whether Coinbase misstated its user numbers in past disclosures
-
Starbucks baristas strike over dress codespeed read The new uniform 'puts the burden on baristas' to buy new clothes, said a Starbucks Workers United union delegate
-
Warren Buffet announces surprise retirementspeed read At the annual meeting of Berkshire Hathaway, the billionaire investor named Vice Chairman Greg Abel his replacement
-
Trump calls Amazon's Bezos over tariff displaySpeed Read The president was not happy with reports that Amazon would list the added cost from tariffs alongside product prices
-
Markets notch worst quarter in years as new tariffs loomSpeed Read The S&P 500 is on track for its worst month since 2022 as investors brace for Trump's tariffs
-
Tesla Cybertrucks recalled over dislodging panelsSpeed Read Almost every Cybertruck in the US has been recalled over a stainless steel panel that could fall off
-
Crafting emporium Joann is going out of businessSpeed Read The 82-year-old fabric and crafts store will be closing all 800 of its stores
