Sorry about it, folks, but apparently everything you know about passwords is wrong.
That’s according to the US’s National Institute of Standards and Technology (NIST).
They’ve just released a finalised draft of a new report which says all that jargon you’ve heard about how you need to fill your passwords with random special characters and unusual capitals is basically a load of nonsense.
The full document is incredibly long so to summarise, we’ve compiled a list of the most important hints and tips that NIST promise will make you safer online and help you remember your passwords.
Win-win or what?
Things you should do:
Make your password at least 8 characters
Short passwords are really easy to guess.
NIST says they’re susceptible to ‘brute force’ attacks as well as ‘dictionary’ attacks, in which a computer simply fires every word in the dictionary into your password box in an attempt to guess it.
Make it even longer than 8 characters
NIST recommend that service providers should allow users to make passwords as long as possible.
Basically, as above, the longer your password is, the harder it’ll be to guess. Why not use the entirety of Homer’s Odyssey for your Facebook password?
Use a password manager
Apparently these are really useful for creating unique and tough passwords for every account you own. NIST suggest they’re definitely worth it.
Things that aren’t necessary
Constant changes
You know when you get prompted to change your password every few weeks and you put in a new one and then soon forget what it was because you can only remember the old one? We’ve all been there.
But according to NIST, that’s unnecessary. The only time you need to change your password is if you’ve clicked on a dodgy link, got a computer virus, or been informed that your account has been breached. Otherwise, keep your old password!
Special characters
Yep, contrary to popular advice, special characters like @, $, and £ just don’t work.
Apparently all they do is make remembering passwords harder without making them any stronger. If a hacker is going to try ‘password123’ they’ll probably also try ‘p@$$w0rd123’.
Password reset questions
‘What is your mother’s maiden name?’, ‘What was your first pet called?’
Anyone with even a basic knowledge of your life could work these out so just don’t even bother. Skip ’em!
Sequential figures
Surely this shouldn’t surprise anyone but don’t bother with passwords like ‘123456789’ or ‘aaaaaaaaa’ or ‘abcdefghijklmnopqrstuvwxyz’.
They’re the first ones that people try.
Using the name of the service
While it might make your passwords easier to remember, NIST suggests you don’t use the name of the service, your name, or any other identifying details in your passwords.
For example, ‘yournamefacebook’ is a bad password for your Facebook account. Do not do it. Instead, why not try ‘randomstrangersnameTwitter’ as your Facebook password! They’ll never guess that!
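To make the advice concrete, here is an added example (not from the article or from NIST) of a password acceptance check in Python that applies the rules as the article summarises them: a minimum length, a blocklist of common passwords, rejection of sequential or repeated characters, and rejection of passwords that contain the username or the service name, with no special-character or rotation requirement. The blocklist is a small constructed sample; a real deployment would use a full list of commonly used and breached passwords.

```python
"""Password acceptance check in the spirit of the NIST advice above (illustrative)."""
import unicodedata

# Constructed sample blocklist standing in for a real list of common/breached passwords.
COMMON_PASSWORDS = {
    "password", "password123", "p@$$w0rd123", "qwerty", "letmein", "123456789",
}

MIN_LENGTH = 8  # NIST minimum; longer is better and should be allowed


def normalize(password: str) -> str:
    # NFKC so visually identical Unicode forms compare equal; nothing is truncated.
    return unicodedata.normalize("NFKC", password)


def is_sequential(s: str) -> bool:
    """True for runs such as 'abcdefgh', '123456789', 'aaaaaaaa' (descending too)."""
    if len(s) < 2:
        return False
    steps = {ord(b) - ord(a) for a, b in zip(s, s[1:])}
    return len(steps) == 1 and steps.pop() in (-1, 0, 1)


def check_password(password, username="", service=""):
    """Return a list of rejection reasons; an empty list means the password is accepted.
    Note what is deliberately absent: no special-character or capital-letter rule,
    and no expiry date."""
    pw = normalize(password)
    low = pw.lower()
    reasons = []
    if len(pw) < MIN_LENGTH:
        reasons.append(f"shorter than {MIN_LENGTH} characters")
    if low in COMMON_PASSWORDS:
        reasons.append("appears in the common-password blocklist")
    if is_sequential(low):
        reasons.append("sequential or repeated characters")
    for label, ctx in (("username", username), ("service name", service)):
        if ctx and ctx.lower() in low:
            reasons.append(f"contains the {label} '{ctx}'")
    return reasons


if __name__ == "__main__":
    for pw in ["p@$$w0rd123", "abcdefghijklmnopqrstuvwxyz", "yournamefacebook",
               "correct horse battery staple"]:
        verdict = check_password(pw, username="yourname", service="facebook")
        print(pw, "->", verdict or "accepted")
```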
So there we go! Now go forth and get those passwords as safe as they can be!