You may not be familiar with Bill Burr, but chances are he has had an impact on your day today. His guidelines for password security are the reason that in all probability you are adding an exclamation mark to the end of your memorable (or in reality, not so memorable) ‘secret’.
The crazy thing is that Bill Burr’s NIST (United States National Institute for Standards and Technology) guidelines were drafted almost 15 years ago. To place that in context, Windows XP had not long been launched, it would be eight years before we could get our hands on an iPad, and two years before our souls were sold to Facebook!
In an In an article published by The Independent this week, Mr Burr is quoted as saying: “It just drives people bananas and they don’t pick good passwords no matter what you do.”
The problem isn’t with Mr Burr’s set of 15-year-old recommendations per se. It is the case that the vast majority of organisations, large and small, have not moved on from using passwords. Every day, new, exciting and innovative online services are launched around the world, but still they insist on a username and password to access them. What is crazy, last year it was reported that NIST would be publishing new guidelines for password policies, so mark 2023 for the next official advice!
Earlier this week, we highlighted how the chances of choosing a password that has not been Pwned (compromised) is getting tougher by the day. The file is currently at 306 million and counting. So, surely the time has come to stop rewriting the rulebook and start a new one. Instead of a one-size-fits-all approach that doesn’t work for anyone, we need to embrace innovation. We do so in every other aspect of our lives, so why not passwords.
To discover just how different the world could be, check out Authlogics.
Author: Kamber Devjianie, Authlogics