The word 'password' is pictured on a computer screen in this picture illustration taken in Berlin May 21, 2013
The word 'password' is pictured on a computer screen in this picture illustration taken in Berlin May 21, 2013

The man who made passwords so difficult to remember says he regrets almost everything

Bill Burr said that password rules 'drive people bananas'

Andrew Griffin
Wednesday 09 August 2017 08:43
Comments

The man who made your passwords so hard to remember regrets what he did.

IT exxpert Bill Burr said that making people remember long, complicated passwords "drives people bananas".

Nearly 15 years ago, Mr Burr wrote guidelines for password security for the US National Institute of Standards and Technology. It included suggestions that passwords should be changed every three months and be made up of a range of different characters.

That document led to stipulations for computer and online accounts that require people to abide by the rules. But he said that they don't work and people still pick terrible passwords – but now they're just harder to remember.

"Much of what I did I now regret," Mr Burr told the Wall Street Journal.

"It just drives people bananas and they don't pick good passwords no matter what you do."

Many websites have taken up the rules, requiring people to add various bizarre characters to their passwords or forcing them to include numbers as well as capital letters. Some even tell people they need to include special characters like question marks or exclamation marks.

Most won't even let people use a password that doesn't include such complex and difficult-to-remember characters. (Other, more progressive companies like Google have relaxed those restrictions.)

Mr Burr's comments echo those from British spy agency GCHQ, which has said that people should instead use easy passwords and whose security chief even joking that they were impossible for spies to follow.

Experts have been predicting the end of passwords and their replacement with other technology like biometrics, including the fingerprint sensor that has made its way into the iPhone and other handsets. But the long strings of forgettable letters have mostly persisted until those technologies become more widespread.

Register for free to continue reading

Registration is a free and easy way to support our truly independent journalism

By registering, you will also enjoy limited access to Premium articles, exclusive newsletters, commenting, and virtual events with our leading journalists

Please enter a valid email
Please enter a valid email
Must be at least 6 characters, include an upper and lower case character and a number
Must be at least 6 characters, include an upper and lower case character and a number
Must be at least 6 characters, include an upper and lower case character and a number
Please enter your first name
Special characters aren’t allowed
Please enter a name between 1 and 40 characters
Please enter your last name
Special characters aren’t allowed
Please enter a name between 1 and 40 characters
You must be over 18 years old to register
You must be over 18 years old to register
Opt-out-policy
You can opt-out at any time by signing in to your account to manage your preferences. Each email has a link to unsubscribe.

Already have an account? sign in

By clicking ‘Register’ you confirm that your data has been entered correctly and you have read and agree to our Terms of use, Cookie policy and Privacy notice.

This site is protected by reCAPTCHA and the Google Privacy policy and Terms of service apply.

Join our new commenting forum

Join thought-provoking conversations, follow other Independent readers and see their replies

Comments

Thank you for registering

Please refresh the page or navigate to another page on the site to be automatically logged in