
The guy who created ‘Strong Password’ requirements made a fatal mistake

by Felix Omondi

I get it; passwords are an essential aspect of our digital assets. Still, that doesn’t make me hate passwords any less; I hate the delay one has to go through entering a password. Things get worse when it is a ‘Strong Password.’

You know, that type of password that requires you to use a combination of lower case, upper case, some numbers, and arbitrary symbols to make your password strong. I bet I am not the only one who, after creating a ‘strong password’ and accessing my account, has completely forgotten whatever text string I used in my password.

Thank God for applications like LastPass and OnePass that will automatically generate a ‘strong password’ for you and go further to remember it for you every time you want to log into that account.

Too much hype about ‘Strong Passwords’, as they’re not as secure as they seem

This entire business of the ‘Strong Password’ requirement began with one man, Bill Burr, when he was working for the National Institute of Standards and Technology. Back in 2003, he was tasked with coming up with a password guideline that would protect the masses from brute-force attacks by hackers.

Well, now almost 15 years down the line, Burr reckons he made a fatal mistake in his guideline: a mistake that renders the so-called ‘strong password’ not as strong as he had envisioned. Burr made this admission during an interview with the Wall Street Journal.

Burr says the problem is not in the guideline he gave, of using a combination of lower case, upper case, random numbers, and symbols, but the fact that almost everyone uses a very predictable pattern in coming up with their respective combination. Ideally, strong password requirements dictate that one comes up with a hard-to-guess combination of alphanumeric characters. However, the harder the password is to guess, the harder it becomes to remember.

Most people come up with one ‘strong password’ that they then reuse across multiple other accounts. They pick the first word that crosses their mind and substitute a few letters with numbers or symbols, where a zero becomes an O and a 1 becomes an exclamation point. Then they proceed thinking they now have a hard-to-guess password that is simple enough to always remember.

The only problem with that is that hackers make informed guesses during their brute-force attacks on you. Chances are you are going to use a word or words closely associated with you and then tweak them to satisfy the requirements of a strong password. Hackers know this too well; in fact, it is their first line of attack during brute-force attacks.

You are better off letting a trusted password manager service handle this task for you. It creates truly strong passwords for each of your different accounts and remembers them for you.
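The three points above (the composition rule itself, the predictable word-plus-substitution pattern that satisfies it, and the manager-generated alternative) can be shown side by side. The following Python is an added example written for this page, not code from the article, NIST or any password manager: the composition rule is a reconstruction of the 2003-style "length plus four character classes" check, `COMMON_WORDS` is a constructed stand-in for the wordlists attackers actually use, `LEET_MAP` is an assumed table of the usual substitutions, and the 32-symbol alphabet size in `guess_space_bits` is an assumption. It demonstrates that a password like `P@ssw0rd!` passes the composition rule yet collapses back to a dictionary word once the substitutions are undone, while a randomly generated password of the kind a manager produces passes the same rule without that weakness.

```python
"""Composition rule vs. predictable pattern: an added, self-contained demo."""
import math
import re
import secrets
import string

# Constructed mini-wordlist standing in for real attacker dictionaries.
COMMON_WORDS = {"password", "welcome", "summer", "football", "letmein", "nairobi"}

# Assumed table of the substitutions people apply to satisfy complexity rules.
LEET_MAP = {"0": "o", "1": "i", "3": "e", "4": "a", "@": "a", "$": "s", "5": "s", "7": "t"}


def meets_composition_rule(pw: str, min_len: int = 8) -> bool:
    """Reconstructed 2003-style rule: minimum length plus all four character classes."""
    return (
        len(pw) >= min_len
        and re.search(r"[a-z]", pw) is not None
        and re.search(r"[A-Z]", pw) is not None
        and re.search(r"\d", pw) is not None
        and re.search(r"[^A-Za-z0-9]", pw) is not None
    )


def normalize(pw: str) -> str:
    """Undo the common dressing-up: trailing year/symbol padding, leet substitutions, case.

    Limits (by design, to keep it short): digits left in the middle of a word that
    are not in LEET_MAP, and leading padding before a substituted letter, are not handled.
    """
    core = re.sub(r"[^A-Za-z]+$", "", pw)            # "Summer2017!" -> "Summer"
    core = "".join(LEET_MAP.get(c, c) for c in core)  # "P@ssw0rd"    -> "Password"
    core = core.lower()
    return re.sub(r"^[^a-z]+|[^a-z]+$", "", core)     # drop any leftover padding


def is_predictable(pw: str) -> bool:
    """True when the password is just a wordlist entry with substitutions applied."""
    return normalize(pw) in COMMON_WORDS


def guess_space_bits(pw: str) -> float:
    """Bits of search space IF the password were uniformly random over its classes.

    This is the optimistic number a composition rule implicitly assumes; for a
    predictable password the real search space is closer to the wordlist size.
    """
    alphabet = 0
    if re.search(r"[a-z]", pw):
        alphabet += 26
    if re.search(r"[A-Z]", pw):
        alphabet += 26
    if re.search(r"\d", pw):
        alphabet += 10
    if re.search(r"[^A-Za-z0-9]", pw):
        alphabet += 32  # assumed count of printable symbols
    return len(pw) * math.log2(alphabet) if alphabet else 0.0


def generate_random_password(length: int = 16) -> str:
    """Manager-style generation: CSPRNG over letters, digits and symbols.

    Retries until the result also satisfies the legacy composition rule, so it
    can be pasted into sites that still enforce it.
    """
    alphabet = string.ascii_letters + string.digits + string.punctuation
    while True:
        pw = "".join(secrets.choice(alphabet) for _ in range(length))
        if meets_composition_rule(pw):
            return pw


def assess(pw: str) -> dict:
    """Summarise one password: rule compliance, predictability, and optimistic bits."""
    return {
        "meets_rule": meets_composition_rule(pw),
        "predictable": is_predictable(pw),
        "naive_bits": round(guess_space_bits(pw), 1),
    }


if __name__ == "__main__":
    for candidate in ["P@ssw0rd!", "Summer2017!", "F00tball!1", generate_random_password()]:
        print(f"{candidate:20} {assess(candidate)}")
```

Running the block prints that all four candidates satisfy the composition rule and carry a similar "naive" bit count, but only the first three are flagged as predictable; that gap between rule compliance and actual guess resistance is the mistake Burr describes.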
