Password guru has new advice for keeping your data safe

Whoops. Sorry about the bad advice.

Bill Burr, who advised people to use passwords full of obscure characters, capital letters and numbers, has new advice for keeping your data safe.

 

In an interview with The Wall Street Journal, Burr said a document he created in 2003 on how to create safe and secure passwords was misinterpreted, and that this has led to a lot of confusion.

“Much of what I did I now regret,” the 72-year-old Burr told The Journal.

Burr, who is now retired, intended his advice to help everyday computer users avoid mistakes and easy-to-predict passwords. Some of these practices include irregular capitalization, using special characters such as a "!" or a "@", and including one number.

The practice of changing a password every 90 days is also outdated, according to a rewritten version of Burr's original eight-page password document, "NIST Special Publication 800-63. Appendix A." Paul Grassi, who helped rewrite the document, said much of what Burr had done needed to be changed.

“We ended up starting from scratch,” Grassi said.

The new guidelines will drop not only the password expiration advice but also a requirement for using special characters, Grassi noted, adding that they “actually had a negative impact on usability.”

Now, easy-to-remember phrases are the preferred method, and passwords should only be changed if there is a suspected hack.