How to Overcome Bill Burr’s Faulty 2003 Password Advice

John Hannah
Last updated on: October 11, 2019

The year was 2003 when former National Institute of Standards and Technology manager Bill Burr laid down the law on how people should create masterful passwords that would stand the test of time and be unbreakable by nefarious elements of the Internet.

His password advice for the masses was twofold and massively flawed.

Step 1: Use irregular capitalization, special characters, and at least one number to turn common phrases into harder-to-solve ones. An unfortunate example from 16 years ago was “P@ssW0rd123!” which is a play on password123, one of the most commonly recognized terrible choices for a password in the entire world.

Step 2: Change your passwords regularly, at least once every 90 days.

Burr’s advice was written up in a very official-sounding report called “NIST Special Publication 800-3. Appendix A” and adopted around the world by companies, colleges, governments, and individuals.

Burr’s Two Oversights

Burr’s first mistake was encouraging people to use known words with different permutations of replacement characters and irregular capitalization rules. Not only is it a bad idea to use variations of known words, but it also results in lots of people using the exact same techniques. That gives hackers a set of predictable traits to work from, so that guessing one pattern lets them guess lots of passwords built on the same criteria.

The second mistake was the worse of the two. Someone picking a password for the first time usually gives it their best effort. When 90 days have passed and it’s time for another password, the employee is likely to be busy with other things and far less interested in dedicating time and effort to picking another equally strong password. In fact, they are far more likely to just slightly alter their current password to make it easier to remember. For instance, if a junior employee, Lily, originally picks the password “IloveMonkeyz00” when she signs on to a new company, her most likely replacement 90 days later is “IloveMonkeyz01”.
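Both habits can be checked for at the moment a password is set or changed. The following is an added example, not code from the original article; the blocklist, the substitution table and the function names are assumptions constructed for illustration.

```python
import re

# Constructed sample blocklist; a real deployment would load a large list of
# common and breached passwords instead.
COMMON_WORDS = {"password", "letmein", "qwerty", "welcome"}

# Substitutions people commonly apply to "complicate" a known word.
LEET = str.maketrans({"@": "a", "4": "a", "0": "o", "1": "l", "3": "e",
                      "$": "s", "5": "s", "7": "t", "!": "i"})


def base_word(password: str) -> str:
    """Undo the decorations: trailing digits/symbols, case, leet characters."""
    core = re.sub(r"[\d\W_]+$", "", password)   # drop a suffix such as "123!"
    return core.lower().translate(LEET)


def is_decorated_common_word(password: str) -> bool:
    """True if a blocklisted word is left once the decorations are undone."""
    return base_word(password) in COMMON_WORDS


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def is_trivial_rotation(old: str, new: str, max_edits: int = 2) -> bool:
    """True if the new password is the old one with a small tweak.

    Meant to run at change time, when the user has just typed the old
    password, so no plaintext password history has to be stored.
    """
    if base_word(old) == base_word(new):        # only the suffix or case moved
        return True
    return edit_distance(old.lower(), new.lower()) <= max_edits
```

With the article's own examples, `is_decorated_common_word("P@ssW0rd123!")` and `is_trivial_rotation("IloveMonkeyz00", "IloveMonkeyz01")` both return `True`.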

The Better Solution

Instead of trying to remember a series of complicated passwords for all of your online accounts, the best solution is to employ a password manager like Dashlane. Password managers take the memorization frustration out of your individual user accounts by loading all of those complicated passwords into one third-party vault that you control with one master password.

The master password is formulated much like you want your individual passwords formulated: you take a series of words, characters, and numbers that are unique to you and would be very difficult for anyone else to guess. This is the only password you will have to remember for as long as you use the password manager. Whenever you want to sign on to one of your other accounts, you’ll only need to remember the master password, which will in turn cue the vault to enter the correct user name and password for the individual site and open up your access.

John Hannah

John Hannah is a part-time blogger. He likes to travel a lot.
