All You Need To Know About New Password Guidelines
21-Aug-2017 10:04 AM
You must be familiar with the tedious process of coming up with a strong password- one that has numbers, special characters, and different cases. To add to it, there is a rule which states that changing your password every month and keeping them different across various platforms would keep you away from the hacker trap.
Well, the author behind the Password Bible, IT Expert, Bill Burr has gone back on his word. Over time, he realized that some of the tips he came up with weren't actually helpful, and might even cause more harm than good. As technology continued to evolve, it led to an unexpected turn of events - the growth of cyber crimes.
Elaborate computer passwords don't keep hackers away. We do it all day every day; logging onto our computers, apps, emails, social media and racking our brains to remember password after password. This only drives people bananas and they struggle to come up with strong passwords.
Rather than improving security, this only ends up making it easier for hackers. The reason being, people usually make minor tweaks to their passwords such as add a number or letter or two to make it easier to remember. Addre55@1 to Addre55@2 doesn't keep hackers away! And when lots of people use a similar pattern, attackers have something predictable to aim at. What you don't realize is that these are called 'transformations.'
Aware of this lazy although convenient move, hackers have taken advantage and use it in their password-cracking routines. Hackers also use 'brute force' cyber attacks in which a computer cycles through every possible combination of characters to guess a password.
So what are the new guidelines?
National Institute of Standards and Technology (NIST) now recommends using long passwords with four words or paraphrases against shorter ones with numbers, letters and special characters. Paraphrases (for eg: horsesbarnstraddlehome) are advised since they are both easy to memorize for humans and their length makes breaches more difficult for computers. Also, passwords only need to be changed if there are signs that the account has been breached or the password was stolen.
If you want to find out if your account has been compromised with, you should check out the new 'Have I Been Pwned' website, a tool for searching if your password is among those hacked ones that need changing.
Phew! Finally, a good enough reason to ignore that Herculean task of creating strong passwords!