The Password Guru Got It All Wrong!

September 15, 2017

How many times have we entered a website and been asked to enter a new password which is at least 8 characters long and contains 1 capital letter, 1 number and 1 symbol like “@”? We end up with a password that is impossible to remember. The temptation is to use an easily hacked word and/or to record it on a piece of paper stuck to the wall above our computer.

At least we “know” (assuming no one copies it from the wall) that we have a “secure password”.

This type of password was invented by Bill Burr in 2003 and became accepted globally. Mr Burr is now a retired US government computer expert.

The problem is that he now admits this was all a mistake and says it takes less than one minute for sophisticated cyber hackers to crack a password such as “P@55w0rd”.

It can however take up to a trillion years to crack a passphrase such as “mydoghasnonosehowdoeshesmell”. If you take a passphrase you are familiar with, then it will be relatively easy to remember.
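The contrast between the two examples above can be checked mechanically. The sketch below is an added example, not code from the article or from Mr Burr's guidance: it applies the composition rule described at the top of the page, undoes common character substitutions before a dictionary lookup, and estimates the exhaustive-search space. The word list, the substitution table and all function names are assumptions made for illustration.

```python
import math

# Constructed stand-in for a real common-password list (assumption).
COMMON_WORDS = {"password", "letmein", "welcome", "dragon", "monkey"}

# Character substitutions undone before the dictionary lookup (assumed table).
LEET = str.maketrans({"@": "a", "4": "a", "5": "s", "$": "s",
                      "0": "o", "1": "l", "3": "e", "7": "t", "!": "i"})

def meets_composition_rules(pw):
    """The rule from the article: 8+ characters, a capital, a number, a symbol."""
    return (len(pw) >= 8
            and any(c.isupper() for c in pw)
            and any(c.isdigit() for c in pw)
            and any(not c.isalnum() for c in pw))

def is_disguised_common_word(pw):
    """True if the password is a listed word once substitutions are reversed."""
    return pw.lower().translate(LEET) in COMMON_WORDS

def brute_force_bits(pw):
    """log2 of the exhaustive-search space for the character classes present.

    This is an upper bound: a guesser who works from word lists faces far
    fewer candidates, for passwords and for poorly chosen passphrases alike.
    """
    pool = 0
    if any(c.islower() for c in pw):
        pool += 26
    if any(c.isupper() for c in pw):
        pool += 26
    if any(c.isdigit() for c in pw):
        pool += 10
    if any(not c.isalnum() for c in pw):
        pool += 33  # printable ASCII punctuation plus space
    return len(pw) * math.log2(pool) if pool else 0.0

def assess(pw):
    """Return (passes_old_rule, is_known_word, search_space_bits)."""
    return (meets_composition_rules(pw),
            is_disguised_common_word(pw),
            round(brute_force_bits(pw), 1))

if __name__ == "__main__":
    for candidate in ("P@55w0rd", "mydoghasnonosehowdoeshesmell"):
        print(candidate, assess(candidate))
```

“P@55w0rd” satisfies the composition rule yet reduces to a listed word, while the passphrase fails the rule despite a much larger search space.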

Why not see who can come up with the best passphrase for your office or family? Choose something easy to remember – how about “getlostcybertoffeenosedbothacker”?

Seriously, consider changing your password. There will be confusion, as many IT consultants will almost certainly stand by current password methodology, and some sites will continue to insist on symbols and capitals. Speak to an IT consultant you trust if you have any further queries.
