New guidance for passwords

BIRMINGHAM, AL (WBRC) - Don’t drive yourself crazy coming up with creative ways to add special characters to every online password.

Cyber security experts are now recommending users think of ways to make their passwords into pass phrases to increase the number of characters they use.

“Using ‘P@$$w01d’ looks very complex to a human because it uses a series of symbols,” Robert Hill of RoundTower Technologies tells WBRC. “A computer does not distinguish between an 'A' and an '@' because it’s just another of the 128 possible characters. To a system trying to break that, it’s not complex at all. No more complex than just a simple ‘password.’”

The trick, according to recent guidance from the National Institute of Standards and Technology, is to make your password longer, which increases the number of possible combinations a hacker would have to guess.

“We’re moving to more of a pass phrase. If you’re a dog person, something like ‘dogsrulecatsdrool’ and its number of characters is exponentially longer for a system to be able to randomly create that or to try every permutation of those characters,” said Hill.

The new guidelines from NIST, the U.S. organization charged with deciding best practices in technology fields, emphasize that passwords (or pass phrases) should be long, simple and memorable. The hope is that such a move would make passwords more difficult to crack and also make it less likely that a user will forget one and need a reset, something that constantly bogs down a system’s help desk.

