The man responsible for the widespread requirement that passwords include letters, numbers and special characters is now walking back that advice.
While working for the National Institute of Standards and Technology in 2003, Bill Burr wrote “NIST Special Publication 800-63. Appendix A” — a document that included the widely adopted recommendation that strong passwords should include a range of characters and should be changed every 90 days.
“Much of what I did I now regret,” Burr, 72, told the Wall Street Journal in a recent interview, adding that the recommendation made for complicated passwords.
“It just drives people bananas and they don’t pick good passwords no matter what you do,” he said.
A rewrite of “Special Publication 800-63” in June changed the guidelines. It now suggests that users create passwords from long, easy-to-remember phrases and that they should not be forced to change their passwords as frequently. Some studies have shown that passwords that include four words can be harder to crack than a smaller combination of characters, the Journal reported.