by Howard Haykin

That’s because Bill Burr, the former National Institute of Standards and Technology (NIST) manager who convinced the world 14 years ago to adopt new methodologies for creating strong passwords, realized that his rules did little for security. So, as The WSJournal puts it, “N3v$r M1^d!”

In an interview with The WSJournal (subscr reqd), Mr. Burr expressed his regrets for giving that advice. Not that his advice was flawed. It’s just that such advice was way too complicated for the everyday computer user, who typically creating passwords that hackers and computer algorithms could readily predict. [However, in deference to Mr. Burr, his advice did hold up for more than 10 years – which, in this era of advancing technology, is a lifetime.]

Say, for example, a person devised a seemingly secure password - “N3wY0rk123!” Yet, it is inherently weak because it was created with the exact same technique that most people tend to use when creating such digital combo passwords. And, when it came time to change passwords, people would compound the problem by switching to something like “N3wY0rk456!”

Going forward, NIST has done away with the old advice and is now suggesting that people use long, easy-to-remember phrases. [See NIST Special Publication 800-63-3: “Digial Identity Guidelines”] And, as far as changing passwords, it's suggested that users do so ONLY if there's a sign they may have been stolen.