Sorry about it, folks, but apparently everything you know about passwords is wrong.
That’s according to the US’s National Institute of Standards and Technology (NIST).
- June 28, 2017
They’ve just released a finalised draft of a new report which says all that jargon you’ve heard about how you need to fill your passwords with random special characters and unusual capitals is basically a load of nonsense.
The full document is incredibly long, so to summarise, we’ve compiled a list of the most important hints and tips that NIST promises will make you safer online and help you remember your passwords.
Win-win or what?
Things you should do:
Make your password at least 8 characters
Short passwords are really easy to guess.
NIST says they’re susceptible to ‘brute force’ attacks as well as ‘dictionary’ attacks, in which computers simply fire every word in the dictionary into your password box in an attempt to guess it.
Make it even longer than 8 characters
NIST recommends that service providers allow users to make passwords as long as possible.
Basically, as above, the longer your password is, the harder it’ll be to get into it. Why not use the entirety of Homer’s Odyssey for your Facebook password?
Use a password manager
Apparently these are really useful for creating unique and tough passwords for every account you own. NIST suggests they’re definitely worth it.
Things that aren’t necessary
Changing your password regularly
You know when you get prompted to change your password every few weeks and you put in a new one and then soon forget what it was because you can only remember the old one? We’ve all been there.
But according to NIST, that’s unnecessary. The only time you need to change your password is if you’ve clicked on a dodgy link, got a computer virus, or been informed that your account has been breached. Otherwise, keep your old password!
Special characters
Yep, contrary to popular advice, special characters like @, $, and £ just don’t work.
Apparently all they do is make remembering passwords harder without making them any stronger. If a hacker is going to try ‘password123’, they’ll probably also try ‘p@$$w0rd123’.
Password reset questions
‘What is your mother’s maiden name?’, ‘What was your first pet called?’
Anyone with even a basic knowledge of your life could work these out, so just don’t even bother. Skip ’em!
Obvious passwords
Surely this shouldn’t surprise anyone, but don’t bother with passwords like ‘123456789’ or ‘aaaaaaaaa’ or ‘abcdefghijklmnopqrstuvwxyz’.
They’re the first ones that people try.
Using the name of the service
While it might make your passwords easier to remember, NIST suggests you don’t use the name of the service, your name, or any other identifying details in your passwords.
For example, ‘yournamefacebook’ is a bad password for your Facebook account. Do not do it. Instead, why not try ‘randomstrangersnameTwitter’ as your Facebook password! They’ll never guess that!
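Taken together, the tips above amount to an acceptance check a service can run on a new password rather than a set of composition rules. The following is an added example written for this page, not code from NIST or from the article; the blocklist is a small constructed stand-in for a real list of common and breached passwords, and the helper names are hypothetical.

```python
import unicodedata

# Constructed stand-in for a real list of common and breached passwords;
# a production service would load a large external list instead.
COMMON_PASSWORDS = {"password", "password123", "123456789", "qwerty",
                    "letmein", "iloveyou", "football"}
# Cheap leetspeak folding so 'p@$$w0rd123' is caught by the same entry as
# 'password123' (the article's own example of a pointless substitution).
LEET = str.maketrans("@$0", "aso")

def _is_repetitive(pw):
    # 'aaaaaaaaa': the whole password is one character repeated.
    return len(pw) > 1 and len(set(pw)) == 1

def _is_sequential(pw):
    # '123456789' or 'abcdefghijklmnopqrstuvwxyz': every step is +1 (or -1).
    steps = {ord(b) - ord(a) for a, b in zip(pw, pw[1:])}
    return steps in ({1}, {-1})

def check_password(pw, username="", service=""):
    """Return the reasons a password is rejected; an empty list means accepted.

    Deliberately absent: any composition rule (no required symbols or
    capitals) and any upper length limit, matching the guidance above.
    """
    pw = unicodedata.normalize("NFKC", pw)  # stable comparison across Unicode forms
    lowered = pw.lower()
    problems = []
    if len(pw) < 8:
        problems.append("too short (minimum 8 characters)")
    if lowered in COMMON_PASSWORDS or lowered.translate(LEET) in COMMON_PASSWORDS:
        problems.append("appears in list of commonly used or breached passwords")
    if _is_repetitive(lowered):
        problems.append("repetitive characters")
    if _is_sequential(lowered):
        problems.append("sequential characters")
    # Context-specific words: the service name, the username, and so on.
    for word in (username, service):
        if word and word.lower() in lowered:
            problems.append(f"contains context-specific word {word!r}")
    return problems

if __name__ == "__main__":
    for candidate in ["Tr0ub4&", "p@$$w0rd123", "aaaaaaaaa",
                      "yournamefacebook", "correct horse battery staple"]:
        print(f"{candidate!r}: {check_password(candidate, 'yourname', 'facebook') or 'OK'}")
```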
So there we go! Now go forth and get those passwords as safe as they can be!