August 10, 2017 (updated 08 Sep 2017 11:49am)

A11 th0$e c0mp1ic@t3d pa$$words you’ve b33n u$ing ar3 u$e1ess

By Jack Rear

Sorry about it, folks, but apparently everything you know about passwords is wrong.

That’s according to the US’s National Institute of Standards and Technology (NIST).

They’ve just released a finalised draft of a new report which says all that jargon you’ve heard about how you need to fill your passwords with random special characters and unusual capitals is basically a load of nonsense.

The full document is incredibly long so to summarise, we’ve compiled a list of the most important hints and tips that NIST promise will make you safer online and help you remember your passwords.

Win-win or what?

Things you should do:

Make your password at least 8 characters

Short passwords are really easy to guess.

NIST says they’re susceptible to ‘brute force’ attacks as well as ‘dictionary’ attacks, in which a computer simply fires every word in the dictionary into your password box in an attempt to guess it.

Make it even longer than 8 characters

NIST recommend that service providers should allow users to make passwords as long as possible.

Basically, as above, the longer your password is, the harder it’ll be to get into it. Why not use the entirety of Homer’s Odyssey for your Facebook password?

Use a password manager

Apparently these are really useful for creating unique and tough passwords for every account you own. NIST suggest they’re definitely worth it.

Things that aren’t necessary

Constant changes

You know when you get prompted to change your password every few weeks and you put in a new one and then soon forget what it was because you can only remember the old one? We’ve all been there.

But according to NIST, that’s unnecessary. The only time you need to change your password is if you’ve clicked on a dodgy link, got a computer virus, or been informed that your account has been breached. Otherwise, keep your old password!

Special characters

Yep, contrary to popular advice, special characters like @, $, and £ just don’t work.

Apparently all they do is make remembering passwords harder without making them any stronger. If a hacker is going to try ‘password123’ they’ll probably also try ‘p@$$w0rd123’.

Password reset questions

‘What is your mother’s maiden name?’, ‘What was your first pet called?’

Anyone with even a basic knowledge of your life could work these out so just don’t even bother. Skip ’em!

Sequential figures

Surely this shouldn’t surprise anyone but don’t bother with passwords like ‘123456789’ or ‘aaaaaaaaa’ or ‘abcdefghijklmnopqrstuvwxyz’.

They’re the first ones that people try.

Using the name of the service

While it might make your passwords easier to remember, NIST suggests you don’t use the name of the service, your name, or any other identifying details in your passwords.

For example, ‘yournamefacebook’ is a bad password for your Facebook account. Do not do it. Instead, why not try ‘randomstrangersnameTwitter’ as your Facebook password! They’ll never guess that!

So there we go! Now go forth and get those passwords as safe as they can be!
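For anyone building a sign-up form, here is how the checks listed above could look in code. This is an added example, not code from NIST or from this article; the tiny blocklist, the substitution table and the function names are assumptions made up for illustration.

```python
# Added example: screen a new password using the rules summarised in the article.
# There is no "must contain a symbol" rule and no maximum length, on purpose.

MIN_LENGTH = 8

# Constructed sample blocklist; a real service would load a large list of
# known-bad passwords instead.
COMMON_PASSWORDS = {"password", "password123", "letmein", "qwertyuiop"}

# Swaps a guesser will try anyway, so 'p@$$w0rd' is treated as 'password'.
SUBSTITUTIONS = str.maketrans(
    {"@": "a", "$": "s", "0": "o", "1": "l", "3": "e", "!": "i"}
)


def is_sequence(pw):
    """True for runs like '123456789', 'aaaaaaaaa' or 'abcdef...'."""
    steps = {ord(b) - ord(a) for a, b in zip(pw, pw[1:])}
    return len(steps) == 1 and steps <= {-1, 0, 1}


def screen_password(pw, context_words=()):
    """Return the reasons to reject pw; an empty list means it passes."""
    reasons = []
    lowered = pw.lower()
    if len(pw) < MIN_LENGTH:
        reasons.append("too short")
    if is_sequence(lowered):
        reasons.append("sequential or repeated characters")
    # Undo symbol swaps in the word part, keep any trailing digits as typed.
    stem = lowered.rstrip("0123456789")
    plain_stem = stem.translate(SUBSTITUTIONS)
    candidates = {lowered, plain_stem, plain_stem + lowered[len(stem):]}
    if candidates & COMMON_PASSWORDS:
        reasons.append("common password")
    # context_words: service name, username and similar identifying details.
    if any(w.lower() in lowered for w in context_words if w):
        reasons.append("contains service or user name")
    return reasons


if __name__ == "__main__":
    for sample in ("p@$$w0rd123", "123456789", "yournamefacebook",
                   "correct horse battery staple"):
        print(sample, "->", screen_password(sample, ("Facebook", "yourname")))
```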
