New password recommendations worth cheering about

Editor’s note: For those of you reeling from the Vegas shooting last night, I’m right there with you. It’s so hard to understand why people make such devastating choices. Praying for our country and those in mourning today. 

Man, passwords really chap my hide. I hate creating new ones and adding special characters to fulfill some website requirement. And I can’t ever keep them straight, so I’m always guessing wrong and having to click on that “Forgot your password?” link, which results in more garbage in my inbox.

For those who feel the same, it appears there may be a shift in the password recommendations from the pros. According to an NPR report, the National Institute of Standards and Technology suggests that we do away with complicated passwords and instead choose long, but simple ones that read like a phrase or sentence and aren’t loaded with exclamation marks and random numbers and capitalization.

The article states that the passwords we’ve been making have been “easy for bad guys but hard for legitimate users.” Furthermore, they suggest keeping passwords “simple, long, and memorable,” with lowercase letters and real English words. Yay!

The basis for the new recommendation is that longer passwords are harder to crack, and when people have to come up with complicated random passwords, we tend to simply meet the criteria, resulting in shorter passwords. In my own life, I happened to create one password based on an old anecdote, and even though it takes a long time to type, I have always remembered it—and it’s never been hacked.

I’m curious to see how long before different websites will change their own account-creating policies to reflect these recommendations. Do you think they WILL change the requirements at all, or will this suggestion just blow over? •


One thought

  1. Isn’t this way of doing passwords great? Agree that I hope websites’ password requirements catch up. My method of late has been to use a phrase but in shorthand (so it isn’t too long) and include special characters and numbers as part of it.
    There was an interesting article in the WSJ about this that gives some of the history behind it, called “The Man Who Wrote Those Password Rules Has a New Tip: N3v$r M1^d!” and the gist is that he had basically no data to work with (because it wasn’t available) and had to sort of use his best judgement. From the article: ‘“Much of what I did I now regret,” said Mr. Burr, 72 years old, who is now retired.’

    Re: Las Vegas. It is just a heartbreaking tragedy.

