Wouldn’t you know! We were going full tilt boogie here with our recent blog series on Passwords, when all of a sudden – Breaking News! New info shook the very foundation of EVERYTHING we had been taught about creating a strong, safe password! Let’s get you caught up to speed.
Back in 2003, Bill Burr was a mid-level manager for the National Institute of Standards and Technology, NIST. At that time, he put forth a set of “best-practices” guidelines for crafting strong passwords. And now, some fourteen years later in the August 2017 Wall Street Journal article, “The Man Who Wrote Those Password Rules Has a New Tip: N3v$r M1^d!,” Bill Burr says that he regrets much of what he originally authored.
Okay, so why does this matter and what do you need to know about it? We’ll break things down and make sure you know the key points of the NEW gold standard in password protection.
What Could Possibly Go Wrong?
The bottom line is that several of the suggested guidelines Bill Burr authored in 2003 led computer users to adopt some bad password habits. It’s these habits that have made passwords, in many ways, easier to hack.
Keep in mind, when “someone” sets to work hacking an online account, that “someone” is not a person. It’s a computer program or tool; one specifically designed by a hacker (a person or group) to break your code. And these password hacker bots are relentless! Some of the ones out there include brute-force or dictionary attack tools like Aircrack-ng, Cain and Abel, RainbowCrack, and wait for it… John the Ripper. Think we are kidding? Wish we were!
Bad Password Habits to Break Now
What Makes Us So Hackable?
Human beings are rather predictable creatures. When we were advised to use special characters, one number, and capital letters in our “strong” passwords, many of us made similar (predictable/hackable) choices. Out of necessity, laziness, or the overwhelm inherent in having SO many online accounts, we inadvertently made ourselves much more vulnerable.
Keep reading and we will help you fix that!
So many of us are likely guilty of one or more of these Bad Password Habits. If any of this looks familiar to you, you will want to pay careful attention. We’ll get into the new guidelines and most current recommendations in short order.
First, let’s look at something that, until August 2017, was considered a generally strong password: Y3llowT@xi456!
Looks strong enough. What makes it so easy to crack? Well, each item in the list below makes this password far more predictable and easy to breach. How many of these Bad Password Habits below have you used when creating your passwords?
6 Bad Password Habits
You Must Break Them all Today!
- First letters of the words are capitalized – Yellow Taxi
- Using a sequential string of numbers – 456
- Ending a password with a punctuation mark – !
- Substituting special characters or numbers for letters – @ for “a” or 3 for “e”
- Choosing two words that are associated with each other – Yellow Taxi
- Using one password for multiple accounts – Don’t do it!
There’s a great irony here. When a password is tough for us to remember, with its symbols, numbers, and capital letters, because of our human tendencies to make these predictable choices, it’s actually easier for a computer to hack. Go figure!
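As an added example (not part of the original article), here is a small Python check that a sign-up form or password manager could run to flag four of the habits above that are visible in a single password: capitalized first letters, a sequential string of numbers, ending punctuation, and character substitutions. The substitution table, function names and habit labels are assumptions made for this illustration.

```python
import re
import string

# Look-alike substitutions; a constructed, non-exhaustive table for this example.
LEET = {"@": "a", "3": "e", "0": "o", "1": "l", "$": "s", "4": "a"}
# A substitution only counts when it sits between two letters, so "456" is not one.
LEET_RE = re.compile(r"(?<=[A-Za-z])[" + re.escape("".join(LEET)) + r"](?=[A-Za-z])")


def has_sequential_digits(pw, run=3):
    """True if pw contains `run` digits that count straight up or down (456, 321)."""
    for i in range(len(pw) - run + 1):
        chunk = pw[i:i + run]
        if all(c in string.digits for c in chunk):
            steps = {ord(b) - ord(a) for a, b in zip(chunk, chunk[1:])}
            if steps in ({1}, {-1}):
                return True
    return False


def bad_habits(pw):
    """Return the predictable habits (hypothetical labels) found in one password."""
    found = []
    # Undo substitutions, then keep letters only: "Y3llowT@xi456!" -> "YellowTaxi".
    letters = re.sub(r"[^A-Za-z]", "", LEET_RE.sub(lambda m: LEET[m.group()], pw))
    if re.fullmatch(r"(?:[A-Z][a-z]+)+", letters):
        found.append("capitalized-first-letters")
    if has_sequential_digits(pw):
        found.append("sequential-digits")
    if pw and pw[-1] in string.punctuation:
        found.append("trailing-punctuation")
    if LEET_RE.search(pw):
        found.append("character-substitution")
    return found


if __name__ == "__main__":
    # Constructed sample passwords; the first is the article's own example.
    for candidate in ["Y3llowT@xi456!", "yellowtaxi", "P@ssword321"]:
        print(candidate, "->", bad_habits(candidate) or "none of the four")
```

The other two habits need more context than one password provides: associated word pairs require a word list, and reuse requires comparing across accounts.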
Yes There is More You Need to Know
Think this covers all the ways in which our passwords were vulnerable? Think again!
In October’s blog post, we’ll cover a couple more old 2003 guidelines that we’ve likely all been following. You will learn how they make us easier hacking targets AND we’ll let you know what to do NOW that Best Practices for strong passwords have changed.