VIA GIZMODO.COM -
We’ve all been forced to do it: create a password with at least so many characters, so many numbers, so many special characters, and maybe an uppercase letter. Guess what? The guy who invented these standards nearly 15 years ago now admits that they’re basically useless. He is also very sorry.
The man in question is Bill Burr, a former manager at the National Institute of Standards and Technology (NIST). In 2003, Burr drafted an eight-page guide on how to create secure passwords creatively called the “NIST Special Publication 800-63. Appendix A.” This became the document that would go on to more or less dictate password requirements on everything from email accounts to login pages to your online banking portal. All those rules about using uppercase letters and special characters and numbers—those are all because of Bill.
“Much of what I did I now regret,” Bill Burr told The Wall Street Journalrecently, admitting that his research into passwords mostly came from a white paper written in the 1980s, well before the web was even invented. “In the end, [the list of guidelines] was probably too complicated for a lot of folks to understand very well, and the truth is, it was barking up the wrong tree.”
Image: XKCD (published under a Creative Commons 2.5 license)
This is why the latest set of NIST guidelines recommends that people create long passphrases rather than gobbledygook words like the ones Bill thought were secure. (Pro tip: Use this guide to create a super secure passcode using a pair of dice.)
Technology is often an exercise of trial and error. If you get something right, like Jeff Bezos or Mark Zuckerberg have done, the rewards are sweet. If you screw up and waste years of unsuspecting internet users’ time in the process, like Bill did, you get to apologize years later. We forgive you, Bill. At least some of us do.
Read original article at http://gizmodo.com/the-guy-who-invented-those-annoying-password-rules-now-1797643987