
Your password is bad and you should feel bad

We all have regrets. Dong Nguyen regrets creating the mind-numbingly addictive game Flappy Bird. John Sylvan feels responsible for the environmental effects of coffee pods. I regret that brief period in the eighties when I had a rat's tail.

And Bill Burr regrets making your life difficult with his password advice.

Burr, who is now retired, was once a manager at the National Institute of Standards and Technology. In 2003, he wrote an eight-page password document that recommended we all use passwords packed with upper case letters, lower case letters, numbers and random symbols.

He’s the reason why you have passwords like E48t8**/K and P$5oW21g.

He is the devil.

Burr’s theory was that the more complex a password is, the longer it will take for a bot to guess it. For example:

catheters: This password would be cracked in five seconds or less.

CaThEters: Add in a few uppercase letters and it is going to take 19 hours to beat.

CaTh3t3rs: Change some of the letters to numbers and suddenly it is going to take four days to access.

C@Th3t3rs: If we use symbols as well then the time blows out to 4 weeks.

Unless you’re changing your passwords every four weeks, even C@Th3t3rs isn’t going to survive an attack.

Not only that, but C@Th3t3rs is a hard password to remember. And since the average person has over 30 different passwords, it is no wonder that 37% of us forget our passwords at least once a week.

So what is the better solution?

Instead of complicated passwords, choose long passwords. Make your password an easy-to-remember sentence. For example,

Catheters are the original streaming device.

Remove the spaces and you have a password that would take 128 quattuordecillion years to guess and can be remembered very easily.
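As an added example (not part of the original article), this Python script compares the brute-force search space of the passwords quoted above and reports how long an all-lowercase password would need to be to match each one. It assumes a pure exhaustive-search model over printable ASCII and keeps the sentence's full stop; it compares search-space sizes rather than times, because the guess rate behind the article's figures is not stated.

```python
import math
import string

# Character classes of printable ASCII (space excluded, as the page removes spaces).
CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation)

def alphabet_size(password):
    """Size of the alphabet implied by the character classes the password uses."""
    if not password:
        raise ValueError("empty password")
    for ch in password:
        if not any(ch in cls for cls in CLASSES):
            raise ValueError(f"character {ch!r} is outside the modelled classes")
    return sum(len(cls) for cls in CLASSES if any(ch in cls for ch in password))

def keyspace(password):
    """Number of candidates an exhaustive search of that alphabet and length covers."""
    return alphabet_size(password) ** len(password)

def brute_force_bits(password):
    """log2 of the keyspace: each extra bit doubles the worst-case search."""
    return math.log2(keyspace(password))

def equivalent_lowercase_length(password):
    """Shortest all-lowercase length whose keyspace is at least as large."""
    n = 0
    while 26 ** n < keyspace(password):
        n += 1
    return n

# Passwords quoted on the page; the sentence keeps its full stop (assumption).
SAMPLES = ["catheters", "CaThEters", "CaTh3t3rs", "C@Th3t3rs",
           "Catheters are the original streaming device.".replace(" ", "")]

def report(passwords=SAMPLES):
    """Rows of (password, length, alphabet, bits, equivalent lowercase length)."""
    return [(p, len(p), alphabet_size(p), round(brute_force_bits(p), 1),
             equivalent_lowercase_length(p)) for p in passwords]

if __name__ == "__main__":
    for row in report():
        print("{:<40} len={:<3} alphabet={:<3} bits={:<6} lowercase_equiv={}".format(*row))
```

Under this model, all the mixed case, digits and symbols in C@Th3t3rs buy the same search space as four extra lowercase letters, while the 39-character sentence is far beyond any of the nine-character variants.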

128 quattuordecillion years, coincidentally, is how long it will take for me to forgive Bill Burr for years of banging my head on my keyboard trying to remember my passwords.

Nicholas J. Johnson is a Melbourne expert on con artists and scams.

 
