In 2003 Bill Burr compiled a report on choosing a secure password, written when he was a mid-level manager at the National Institute of Standards and Technology, in the US.
Back then, his advice was to use a mix of numbers, uppercase letters and non-alphabetic symbols, and to change passwords often, such as every 90 days.
According to the Wall Street Journal (7th August 2017) Mr Burr now says that he regrets his advice, because such passwords have proved easier to hack.
The National Institute of Standards and Technology has now set new guidelines. The new guidance is that passwords should be long, which works better because long passwords can still be easy to memorise. They do not need to include special characters or numbers.
For example, passwords comprising four words are much harder to break than shorter ones with a mix of letters, characters and numbers. The updated advice also says that passwords only need to be changed when there is evidence of a security breach.
A cartoon by Randall Munroe predicted it would take 550 years for a hacker to crack the password ‘correcthorsebatterystaple’. By contrast, the password ‘Tr0ub4dor&3’, created by following Bill Burr’s 2003 advice to use a mix of numbers, symbols, upper and lower case letters, could be hacked in three days.
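The arithmetic behind the 550 years and three days can be reproduced by counting how many candidates each way of building a password allows. The sketch below is an added example, not part of the original article; the option counts and the rate of 1000 guesses per second are the cartoon's estimates and are assumptions here.

```python
import math

GUESSES_PER_SECOND = 1000  # assumed attacker rate (the cartoon's figure, not the article's)

# A scheme is a list of independent random choices: (description, number of options).
# The option counts are the cartoon's estimates and are assumptions here.
FOUR_RANDOM_WORDS = [(f"word {i} from a 2048-word list", 2048) for i in range(1, 5)]
SUBSTITUTED_WORD = [
    ("uncommon dictionary word", 65536),
    ("capitalise the first letter or not", 2),
    ("common letter-to-symbol substitutions", 8),
    ("trailing punctuation symbol", 16),
    ("trailing digit", 8),
    ("order of symbol and digit", 2),
]

def search_space(scheme):
    """Number of candidates an attacker who knows the scheme must try."""
    return math.prod(options for _, options in scheme)

def entropy_bits(scheme):
    """Entropy of the scheme in bits, assuming uniform independent choices."""
    return math.log2(search_space(scheme))

def time_to_exhaust(scheme, rate=GUESSES_PER_SECOND):
    """Worst-case guessing time as (days, years) at `rate` guesses per second."""
    seconds = search_space(scheme) / rate
    return seconds / 86400, seconds / (86400 * 365.25)

if __name__ == "__main__":
    for name, scheme in [("Tr0ub4dor&3 style", SUBSTITUTED_WORD),
                         ("correcthorsebatterystaple style", FOUR_RANDOM_WORDS)]:
        days, years = time_to_exhaust(scheme)
        print(f"{name}: {entropy_bits(scheme):.0f} bits, "
              f"{days:,.1f} days ({years:,.1f} years)")
```

These figures only hold when the words are picked at random from the list; a phrase a person chooses for themselves has far fewer effective options.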