New recommendations from the National Institute of Standards and Technology call for people to create passwords that are "long, easy-to-remember phrases" -- a series of four or five words mashed together.
(TNS) -- Passwords have become the bane of modern life. All of us struggle to remember dozens of them, and our employers often force us to change them regularly.
Now, thanks to a report in the Wall Street Journal, we know who's responsible for our password frustrations. And we have learned -- to our horror -- that it's all so unnecessary.
In 2003, when Bill Burr was a manager at the National Institute of Standards and Technology, he wrote guidelines for creating safe online passwords. The paper, memorably titled "NIST Special Publications 800-63," became the benchmark, its diktats followed by government agencies, corporations, universities and individuals.
Burr recommended creating passwords that were essentially weird nonsense words, chock-full of special characters and occasional capital letters and numbers. He also said people should change their passwords regularly.
But he was wrong, and he admits it. "Much of what I did I now regret," he says.
It wasn't really his fault. At the time, he was mostly flying blind. He had to rely on common sense as much as technical expertise. Now, 15 years later and after major hacks of corporations such as LinkedIn and Twitter, computer analysts have the data to determine which kinds of passwords work and which don't. And so the National Institute of Standards and Technology has radically reworked its guidelines.
The Wall Street Journal article on the subject is well worth reading, but in case you don't have a subscription, here are a few basic takeaways that could make your life a little easier -- if you can get your company's IT department to adopt them:
So there you go. Pick a few phrases and redo your passwords. Now you'll finally be able to throw away that Post-it note that reminds you what your new password is.
©2017 The Oregonian (Portland, Ore.) Distributed by Tribune Content Agency, LLC.