Complex passwords are not very helpful for security

When creating a password on a website, we are told to make it as difficult as possible, mixing uppercase and lowercase letters with special characters.
However, this doesn’t really help security.

[If you don’t want to be hacked, create a password using uppercase letters, lowercase letters, numbers, and special characters.]
There is someone who said this: Bill Burr, the author of these password generation rules.

When he worked at the National Institute of Standards and Technology in 2003, he wrote a report containing the password generation rules to follow in order to protect accounts.

This document spread throughout the US government, large corporations and elsewhere, and became the password guideline followed in most of the world.

But a shock confession from Bill Burr, the man who made this:

[Bill Burr / Wall Street Journal Interview (August 7, 2017): I regret a lot of what I did… ]

Regret…? Why would he regret making the rules?

The rules he created proved to be ineffective in increasing security.
The idea behind mixing in special characters or numbers was to make passwords more complex and harder for hackers to crack, but people satisfied the rule in very simple ways: when creating a password, they simply added an exclamation mark or question mark to the end.

Simply using special characters did not, by itself, enhance security.

Changing passwords every 90 days was also ineffective, because people made no major changes, for example altering only one digit.
Changing your password when you find signs of a hacking attempt is enough.
In short, Bill’s rules weren’t very helpful for security, and they made passwords hard to remember and inconvenient to type.
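The two habits described above, checked in code; this is an added example, not part of the original article. The function names, the 8-character and 3-class thresholds and the sample passwords are assumptions, and the rotation check assumes it runs at change time, when the user submits both the current and the new password.

```python
import re

def char_classes(pw):
    """Count which of the four classes (lower, upper, digit, symbol) appear."""
    tests = (str.islower, str.isupper, str.isdigit, lambda c: not c.isalnum())
    return sum(any(t(c) for c in pw) for t in tests)

def meets_composition_rule(pw, min_len=8, min_classes=3):
    """Classic composition rule; thresholds are assumptions for this example."""
    return len(pw) >= min_len and char_classes(pw) >= min_classes

def complexity_is_only_suffix(pw):
    """True when every digit/symbol is a short run tacked onto the end of a word."""
    return re.fullmatch(r"[A-Za-z][a-z]+[\d\W_]{1,6}", pw) is not None

def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def is_trivial_rotation(old, new, max_edits=2):
    """True when the 'new' password is the old one with a character or two changed."""
    return edit_distance(old, new) <= max_edits

def review(old, new):
    """Show what the composition rule says next to what it fails to notice."""
    return {
        "passes_rule": meets_composition_rule(new),
        "suffix_only": complexity_is_only_suffix(new),
        "trivial_rotation": is_trivial_rotation(old, new),
    }

if __name__ == "__main__":
    # Constructed sample passwords, not taken from any real account.
    for old, new in [("Password1!", "Password2!"), ("Password1!", "k7#Vq9!mZ2")]:
        print(new, review(old, new))
```

Both sample passwords pass the composition rule, but only the first is flagged as a word with a suffix and as a one-character rotation of the previous password.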

The Korea Internet Security Agency also revised its password generation guidelines last year.

The guideline changed from requiring eight or more characters mixing three or more character types to requiring a mix of only two or more types, and it says that you do not have to mix character types at all when you create a password of ten or more characters.

[Every minute and every second is precious.]
This is a lot easier for the user, but wasn’t all the time spent creating and entering passwords according to Bill’s rules a waste?
