By: Brett Mahoney

Know how passwords are annoyingly difficult to remember and change frequently? That is changing. The National Institute of Standards and Technology finally revised its guidelines on how passwords should be created. They have found that previous standards, like complex passwords and forced password resets, have caused passwords to be weaker, as people choose easier-to-crack passwords. One of the major changes is that it is no longer recommended to force passwords to change after a set period. While it is still good practice to change your passwords from time to time, forced password changes every 90 or 180 days are a thing of the past.

Another change is moving away from forced complexity. It is recommended to have longer passwords or even passphrases (e.g. “FairoaksITisthebestITcompanyever”) rather than short complex ones. This helps memorization, so people will limit the Post-it notes I’ve seen on most computer monitors (and yes, you, I know your password is underneath your keyboard). Writing passwords down like that is more of a security risk than the example I gave above.

Having passwords that are memorable, not frequently changing, and higher in entropy is the best recommendation. The password above, without special characters or numbers, would take, at the quickest, 26.48 million trillion trillion centuries to crack. A password like FaIr0@ks would take less than two minutes.

Now, the caveat: no, do not use your name, birthdate, or anything easily guessable by others as your password. See below for the most common passwords.

  • 123456
  • 123456789
  • qwerty
  • 12345678
  • 111111
  • 1234567890
  • 1234567
  • password
  • 123123
  • 987654321

Don’t be like those people. Be smart with your passwords. Your productivity, identity, and memories rely on them.
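The two recommendations above (length over forced complexity, and rejecting commonly used passwords) can be expressed as a small acceptance check. This is an added example, not code from the original post; the function names, the 8-character minimum and the bit estimate are assumptions, and the blocklist is only the ten entries listed above.

```python
import math
import string

# Blocklist: the ten most common passwords listed in the post. A production
# check would use a far larger breached-password list (assumption).
COMMON_PASSWORDS = {
    "123456", "123456789", "qwerty", "12345678", "111111",
    "1234567890", "1234567", "password", "123123", "987654321",
}
MIN_LENGTH = 8  # assumed minimum; the post does not give a number

# Character classes used to size the alphabet a brute-force search must cover.
CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation)


def search_space_bits(password):
    """Upper bound on guessing work, in bits: length * log2(alphabet size).

    Dictionary-based guessing can do better than this bound against
    passphrases built from common words, so treat it as a ceiling.
    Characters outside printable ASCII are ignored when sizing the alphabet.
    """
    alphabet = sum(len(cls) for cls in CLASSES
                   if any(ch in cls for ch in password))
    return len(password) * math.log2(alphabet) if alphabet else 0.0


def check_password(password):
    """Return a list of rejection reasons; an empty list means accepted.

    Deliberately absent: composition rules and expiry, which the post says
    are no longer recommended.
    """
    reasons = []
    if len(password) < MIN_LENGTH:
        reasons.append("too short")
    if password.lower() in COMMON_PASSWORDS:
        reasons.append("on common-password list")
    return reasons


if __name__ == "__main__":
    for pw in ("FairoaksITisthebestITcompanyever", "FaIr0@ks", "password", "123456"):
        print(f"{pw!r}: {search_space_bits(pw):.1f} bits, {check_password(pw) or 'accepted'}")
```

Both example passwords from the post pass the check, but the 32-letter passphrase has a far larger brute-force search space than the 8-character complex one, which is the point the post makes about length.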