The IT expert responsible for suggesting that people use complex passwords and change them regularly has said that he regrets the advice, adding that it “drives people bananas”.
Bill Burr wrote the guidelines for password security for the US National Institute of Standards and Technology back in 2003 and suggested that passwords be changed every three months and include a range of characters.
Websites have a multitude of password requirements, with some requiring passwords that include upper and lower case letters, while others ask for non-alphanumeric characters such as question marks and percentage signs.
Speaking to the Wall Street Journal, Mr Burr said: “Much of what I did I now regret.
“It just drives people bananas and they don’t pick good passwords no matter what you do.”
So now that we’ve been told the current advice is wrong, what does actually constitute a strong password?
Well, there are two immediate things that can make all the difference. The latest advice is that passwords should be a collection of random phrases that only a human could come up with.
A perfect example would be “leekeatingrabbitstorm”. It makes zero sense and would take a computer millions and millions of guesses to get right.
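To put numbers on "millions and millions of guesses", the following added example (not part of the original article) generates a four-word passphrase and compares its search space with a short complex password. It assumes words are picked uniformly at random from a 7,776-word list (the Diceware list size) and that a complex password draws from 94 printable characters; the small embedded word list is constructed for illustration.

```python
import math
import secrets

# Constructed sample word list for illustration only; a real generator should
# draw from a large published list (7,776 words is assumed below).
SAMPLE_WORDS = ["leek", "eating", "rabbit", "storm", "copper", "window",
                "marble", "thirsty", "lantern", "gravel", "quiet", "orbit",
                "pickle", "harbor", "velvet", "tundra"]

DICEWARE_SIZE = 7776      # assumed size of a production word list
PRINTABLE_ASCII = 94      # upper, lower, digits and symbols on a US keyboard


def make_passphrase(words, count=4):
    """Pick `count` words uniformly at random with a CSPRNG and join them."""
    return "".join(secrets.choice(words) for _ in range(count))


def search_space(alphabet_size, length):
    """Number of equally likely candidates an attacker must consider."""
    return alphabet_size ** length


def entropy_bits(alphabet_size, length):
    """Entropy in bits of `length` independent uniform picks."""
    return length * math.log2(alphabet_size)


def words_needed(target_bits, list_size=DICEWARE_SIZE):
    """Smallest number of random words reaching at least `target_bits`."""
    return math.ceil(target_bits / math.log2(list_size))


if __name__ == "__main__":
    print("example passphrase:", make_passphrase(SAMPLE_WORDS))
    for label, size, n in [("4 random words", DICEWARE_SIZE, 4),
                           ("5 random words", DICEWARE_SIZE, 5),
                           ("8 random printable chars", PRINTABLE_ASCII, 8)]:
        print(f"{label:26} {search_space(size, n):.2e} candidates, "
              f"{entropy_bits(size, n):.1f} bits")
    print("words for 64 bits:", words_needed(64))
```

Under these assumptions, four random words and eight fully random printable characters land within one bit of each other, and a fifth word puts the passphrase clearly ahead while staying far easier to remember.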
The next thing to do, if your account supports it, is to set up two-factor authentication. This effectively means that if someone does guess your password, they’ll still need to enter a special code delivered to your smartphone.
Finally, and this is only if you’re looking to be really secure, it might be worth investing in a password manager like 1Password, LastPass or Keeper Security. These apps are incredibly easy to use and can create incredibly complex passwords that can be copied and pasted from the app.