The man who first recommended putting them there is not so sure. Appendix A, which was the initial document to suggest these guidelines. But it's never too late to start with strong security practices.
Following this guidance, one might create a password like "P@sswrD1!" that looks complex but is easy to guess, thanks to such common substitutions.
Academics who have studied passwords say using a series of four words can be harder for hackers to crack than a shorter hodgepodge of unusual characters-since having a large number of letters makes things harder than a smaller number of letters, characters and numbers. I can't remember what the password is and have to reset it to see one thing or make one comment. Human words with letters that make a sentence, for example.
"The amount of pain it causes is not commensurate with the overall value of it, which is not as great as you might think, because there are so many ways of attacking passwords that have come to the forefront now where it doesn't matter how good the password is", Burr said.
Burr told The Wall Street Journal that his advice has led people astray because those rules were probably too challenging for many to understand and caused people to use passwords that were not too hard to crack. Without much to go on he sourced a whitepaper written in the 1980s. Most people have passwords to access their email, social media accounts, bank accounts, credit cards accounts, wireless accounts, Google and/or Apple accounts, etc. all of which can be classified as "critical". It is only the length of the password that matters.
Long live the universal password! Computer-security specialists found this to be true.
He reportedly had to produce the rules quickly and wanted them to be based on research, but he had no "empirical data on computer-password security".
"While we don't expect biometric adoption to happen overnight, biometric verification of identity on a personal device will, in one way or another, become a standard identification process". And so the National Institute of Standards and Technology has radically reworked its guidelines. Click on the video to find out what sort of passwords he recommends using today to best defend your information from hackers. Also of note here - these documents are always subject to updates and improvements.
The previous rules did little for security and actually ended up with a bad experience on the user's end who had to remember insane complicated passwords. He basically said he was sorry for wasting our precious time for the past 14 years. "So if you know the pattern and you know that someone is going to have the capital letter in the beginning and the special character at the end, it's easier to guess".