
Expert Who Told Us To Create Complicated Passwords Admits He Was Wrong

“It just drives people bananas.”

09/08/2017 13:42 BST

The IT expert responsible for suggesting that people use complex passwords and change them regularly has said that he regrets the advice - adding it “drives people bananas”.

Bill Burr wrote the guidelines for password security for the US National Institute of Standards and Technology back in 2003, suggesting that passwords be changed every three months and include a range of characters.


Websites have a multitude of password requirements, with some requiring both upper and lower case letters, while others ask for non-alphanumeric characters such as question marks and percentage signs.

Speaking to the Wall Street Journal, Mr Burr said: “Much of what I did I now regret.

“It just drives people bananas and they don’t pick good passwords no matter what you do.”

So now that we’ve been told the current advice is wrong, what does actually constitute a strong password?

Well, there are two immediate things that can make all the difference. The latest advice is that passwords should be a collection of random phrases that only a human could come up with.

A perfect example would be “leekeatingrabbitstorm”. It makes zero sense and would take a computer millions and millions of guesses to get right.

The next thing to do, if your account supports it, is to set up two-factor authentication. This effectively means that if someone does guess your password, they’ll still need to enter a special code delivered to your smartphone.

Finally, and this is only if you’re looking to be really secure, it might be worth investing in a password manager like 1Password, LastPass or Keeper Security. These apps are incredibly easy to use and can create incredibly complex passwords that can be copied and pasted from the app.

Best Password Managers

  • 1Password
    1Password is the 'Swiss army knife' of the group. It'll run on almost anything. It's also one of the easiest to use, thanks to an ultra-simple interface. Rather than using autofill, 1Password uses extensions in Chrome, Firefox and Safari, which give you quick and easy access to your vault on any of your computers. The iPhone app uses Touch ID. This is a great all-rounder for the single user who just wants a complete solution. Price: $49.99 (Single license)
  • Dashlane
    Dashlane is the team player out of the three options here. Offering a similar user interface to 1Password, Dashlane is simple to use and powerful to boot. If you run a small business, or even a big one, this could be the service for you. With variable sharing options you can send passwords to colleagues who also have Dashlane while keeping the password secure even from them. All they have to do is accept, and the app will log them in to the service without them ever having to see the login credentials. It'll work on iOS, Android, Mac and Windows. Price: $39.99 per year.
  • LastPass
    LastPass may be last on the list but it's definitely not the least. This is the veteran password manager and as such has the most features. It'll run on every platform and through every site. It's also customisable to a professional degree, with support for biometrics and almost any other authenticating technology you can think of. It may be a little more complex to use, but once it's set up LastPass is arguably the most flexible in terms of creating a service that you want. Price: $12 per year