The security specialist who taught the world to come up with complex passwords has acknowledged that he was wrong

Techno 17 October, 2017

2017-10-16 21:46

American Bill Burr explains why complex passwords and frequent changes don’t work, and gives new advice.


Internet security specialist Bill Burr is known in the West as the author of the “password Bible”, a set of recommendations that became the basic rules for protecting personal data on the World Wide Web, reports Rus.Media. A strong password must contain upper- and lower-case letters, numbers and other symbols, and it needs to be changed every three months: we have been living with this dogma for a dozen years. It’s time to look at it critically.

In larger organizations, account passwords are created by administrators. These really are complex passwords: they are impossible to read aloud (for example, they may consist only of consonants and numbers) and, accordingly, not easy to remember. After some time the user will certainly learn the long combination. Until then, the password will probably be written on a yellow piece of paper taped to the monitor.

More often, people come up with passwords themselves, subject to the requirements of the services on which they register. Those services, in turn, want the password to contain a million characters and every mix of cases, numbers and symbols. But users will always do as they see fit.

The simplest example is to turn the word “password” into P@55w0rD, or something like it. It can be remembered, and all the requirements are met. But as a security tool such a password is ineffective: it is easy to break with modern tools. In addition, a user who has once made up a complex combination will most likely use it on several resources, making himself even more vulnerable to hackers.

Frequent password changes are also ineffective. Users change “password1” to “password11”, and these quite useless motions do not make their data any more secure.
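Both patterns described above, a dictionary word hidden behind look-alike substitutions and a "new" password that differs from the old one only in its trailing digits, can be caught when a password is set. The Python check below is an added example, not part of the original article; the word list, the substitution table and the function names are assumptions made for illustration.

```python
import re

# Constructed sample list (assumption); a real check would load a large
# common/breached-password list instead.
COMMON_WORDS = {"password", "qwerty", "letmein", "welcome", "admin"}

# Assumed look-alike substitutions, not exhaustive.
LEET = str.maketrans({"@": "a", "4": "a", "3": "e", "1": "l", "!": "i",
                      "0": "o", "5": "s", "$": "s", "7": "t"})


def strip_affixes(pw):
    """Drop leading/trailing digits and punctuation such as '1', '-1', '!!'."""
    return re.sub(r"^[\W\d_]+|[\W\d_]+$", "", pw)


def base_forms(pw):
    """Candidate 'real' words behind a password, with and without affixes."""
    low = pw.lower()
    return {low.translate(LEET), strip_affixes(low).translate(LEET)}


def disguised_common_word(pw):
    """True for P@55w0rD-style passwords built on a listed word."""
    return bool(base_forms(pw) & COMMON_WORDS)


def trivial_rotation(old, new):
    """True when only digits/punctuation around the same core changed.

    The old password is available at change time because the user
    types it to authorise the change; it is never stored in clear text.
    """
    a = strip_affixes(old.lower()).translate(LEET)
    b = strip_affixes(new.lower()).translate(LEET)
    return bool(a) and a == b


def review(new, old=None):
    """Return the list of findings for a proposed password."""
    findings = []
    if disguised_common_word(new):
        findings.append("common word behind substitutions")
    if old is not None and trivial_rotation(old, new):
        findings.append("trivial change from previous password")
    return findings
```

An empty result means only that neither pattern was found, not that the password is strong.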

Bill Burr’s recommendations were published in 2003. Since then, many of them have lost relevance, and our dependence on Internet security has increased. Internet banking, registration on a dozen resources, personal and work documents in the cloud, purchases made from smartphones: all this requires a more serious attitude to passwords. But this does not mean that you will soon have to invent and remember even more complex combinations.

Thanks to progress we have two-factor authentication and password managers, but there is also a way to make an ordinary password reliable enough. Here is Burr’s new advice: think “passphrase”. Yes, make your password a phrase you understand, with the spaces removed. No tricks with digits and letter case are necessary. For example, cracking a password like ilovemysiteukrmedia will take years, while breaking the seemingly reliable P@р0лb-1 takes minutes.