So great news, guys! Sort of! Turns out changing your password every [specific period of time] is no longer necessary. Bill Burr (not this guy), the man who first authored the new password standards and protocols for NIST (the National Institute of Standards and Technology) in 2003.
An excerpt:
“Another recommendation is to favor long phrases, rather than short passwords with special characters. There should no longer be a requirement to have a certain mix of special characters, upper case letters and numbers for a password. It turns out that adding in these artificial password restrictions actually produced less secure passwords. Additionally (and unsurprisingly), the guidelines recommend screening passwords against commonly used passwords or ones that have been compromised.”
Basically, just think up an answer to a question only you’d know (e.g., didwegetliceinneworleans) and you’re pretty much set. But probably you should read the actual NIST publication, not my quick recap of it. And no, we did not; one of us just had bad dandruff.
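Here is what the excerpt's advice looks like as a password check, next to the old character-mix rule it replaces. This is an added example, not code from NIST or from this post; the function names, the 8-character minimum and the tiny blocklist are assumptions made for illustration.

```python
from __future__ import annotations

import re
import unicodedata

# Constructed sample blocklist; a real deployment would load a large corpus
# of commonly used and compromised passwords instead.
BLOCKLIST = {"password", "p@ssw0rd1", "qwerty123", "letmein", "iloveyou"}

MIN_LENGTH = 8  # assumption for this example; the post gives no number


def normalize(password: str) -> str:
    """Fold Unicode look-alikes and case so blocklist matching is stable."""
    return unicodedata.normalize("NFKC", password).casefold()


def legacy_policy(password: str) -> bool:
    """Old-style composition rule: upper, lower, digit and special character."""
    classes = [r"[A-Z]", r"[a-z]", r"[0-9]", r"[^A-Za-z0-9]"]
    return len(password) >= 8 and all(re.search(c, password) for c in classes)


def phrase_policy(password: str) -> tuple[bool, str]:
    """Length plus blocklist screening, with no character-mix requirement."""
    if len(password) < MIN_LENGTH:
        return False, "too short"
    if normalize(password) in BLOCKLIST:
        return False, "on blocklist"
    return True, "ok"


def compare(candidates: list[str]) -> dict[str, tuple[bool, bool]]:
    """Map each candidate to (legacy verdict, phrase-policy verdict)."""
    return {c: (legacy_policy(c), phrase_policy(c)[0]) for c in candidates}


if __name__ == "__main__":
    # Constructed samples: a classic "complex" password, the passphrase from
    # the post, and a common password with no special character.
    samples = ["P@ssw0rd1", "didwegetliceinneworleans", "Qwerty123"]
    for pw, (old, new) in compare(samples).items():
        print(f"{pw!r}: legacy={old} phrase={new}")
```

The old rule accepts `P@ssw0rd1` and rejects the long phrase; the length-plus-blocklist check does the opposite.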