The Guy Who Invented Those Annoying Password Rules Now Regrets Wasting Your Time

        The man in question is Bill Burr, a former manager at the
        National Institute of Standards and Technology (NIST). In
        2003, Burr drafted an eight-page guide on how to create secure
        passwords creatively called the "NIST Special Publication
        800-63. Appendix A." This became the document that would go on
        to more or less dictate password requirements on everything
        from email accounts to login pages to your online banking
        portal. All those rules about using uppercase letters and
        special characters and numbers--those are all because of Bill.
        The only problem is that Bill Burr didn't really know much
        about how passwords worked back in 2003, when he wrote the
        manual. He certainly wasn't a security expert. And now the
        retired 72-year-old bureaucrat wants to apologize.  "Much of
        what I did I now regret," Bill Burr told The Wall Street
        Journal recently, admitting that his research into passwords
        mostly came from a white paper written in the 1980s, well
        before the web was even invented. "In the end, [the list of
        guidelines] was probably too complicated for a lot of folks to
        understand very well, and the truth is, it was barking up the
        wrong tree."

 - - -

Lauren Weinstein ( 
Lauren's Blog:
Google Issues Mailing List:
Founder: Network Neutrality Squad: 
         PRIVACY Forum:
Co-Founder: People For Internet Responsibility:
Member: ACM Committee on Computers and Public Policy
Tel: +1 (818) 225-2800
--- Impeach Trump ---