RE: Password expert says he was wrong: Numbers, capital letters and symbols are useless: USA Today

[Alan Lemly]

What a surprise. I often wondered when I was working why my company thought 
requiring a password change every 90 days was a good idea. Since the main 
problem with passwords is that a large part of the user group simply don't 
manage passwords well, this approach just ensured that folks would resort to 
post-it notes and other reminders to keep up with their passwords. Hardly very 
secure. Sometimes it seems that those writing these advisory white papers 
either haven't thought through the human behavioral aspects of their topic or 
they simply have no common sense to interject into it.

Alan Lemly

-Original Message-
From: viphone@googlegroups.com [mailto:viphone@googlegroups.com] On Behalf Of 
M. Taylor
Sent: Wednesday, August 09, 2017 10:38 PM
To: viphone@googlegroups.com
Subject: Password expert says he was wrong: Numbers, capital letters and 
symbols are useless: USA Today

Password expert says he was wrong: Numbers, capital letters and symbols are 
useless By Ashley May

USA TODAY Cybersecurity experts say certain password rules are ineffective.
Here is some of the latest advice on setting and resetting them. Time The man 
who said use capital letters, special characters and numbers in your password 
is now taking back that advice. (Photo: hanieriani, Getty
Images/iStockphoto) The man behind the 2003 report responsible for many current 
password guidelines says the advice is wrong. Bill Burr, the author of an 
8-page publication released by the National Institute of Standards and 
Technology, told The Wall Street Journal his previous advice of creating 
passwords with special characters, mixed-case letters and numbers won't deter 
hackers. In fact, he told the journal,'the paper wasn't based on any real-world 
password data, but rather a paper written in the 1980s. 'Much of what I did I 
now regret,' Burr told The Wall Street Journal . The problem is that federal 
agencies, businesses and institutions took the paper seriously'very seriously. 
The report turned into password protocol. Today, even though Burr's report was 
updated in June, we are still prompted to change our password every 90 days 
using at least one capital letter, symbol and number. These combinations aren't 
secure,'mainly because people choose predictable combinations. The advice about 
frequently changing a password has been criticized since the report. A 2010 
study by the University of North Carolina at Chapel Hill showed that updating 
passwords often can actually help hackers identify a pattern. Another study 
from Carleton University said frequent changes are more inconvenient than 
helpful. The better solution could be to simply use a password with four random 
words, because the number of letters can be more difficult to hack than a small 
combination of letters and special characters, the Journal reports. Finally, a 
good reason to ignore those password prompts and come up with one we can 
actually remember. Follow Ashley May on Twitter: @AshleyMayTweets 

Original Article at:
https://www.usatoday.com/story/news/nation-now/2017/08/09/password-expert-sa
ys-he-wrong-numbers-capital-letters-and-symbols-useless/552013001/


--
The following information is important for all members of the V iPhone list.

If you have any questions or concerns about the running of this list, or if you 
feel that a member's post is inappropriate, please contact the owners or 
moderators directly rather than posting on the list itself.

Your V iPhone list moderator is Mark Taylor.  Mark can be reached at:  
mk...@ucla.edu.  Your list owner is Cara Quinn - you can reach Cara at 
caraqu...@caraquinn.com

The archives for this list can be searched at:
http://www.mail-archive.com/viphone@googlegroups.com/
---
You received this message because you are subscribed to the Google Groups 
"VIPhone" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to viphone+unsubscr...@googlegroups.com.
To post to this group, send email to viphone@googlegroups.com.
Visit this group at https://groups.google.com/group/viphone.
For more options, visit https://groups.google.com/d/optout.

-- 
The following information is important for all members of the V iPhone list.

If you have any questions or concerns about the running of this list, or if you 
feel that a member's post is inappropriate, please contact the owners or 
moderators directly rather than posting on the list itself.

Your V iPhone list moderator is Mark Taylor.  Mark can be reached at:  
mk...@ucla.edu.  Your list owner is Cara Quinn - you can reach Cara at 
caraqu...@caraquinn.com

The archives for this list can be searched at:
http://www.mail-archive.com/viphone@googlegroups.com/
--- 
You received this message because you are subscribed to the Google Groups 
"VIPhone" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to viphone+unsubscr...@googlegroups.com.
To post to this group, send email to viphone@goo

Re: Password expert says he was wrong: Numbers, capital letters and symbols are useless: USA Today

[christopher hallsworth]

Hello, if possible, I protect my accounts with two factor authentication, two 
step verification, security keys and the like. Basically, a second layer such 
as a randomly generated code, sent by text, as well as my account specific 
password, is my personal best advice. That way, even if someone manages to 
correctly guess your password, they will still be locked out unless they have 
your nominated phone with them. Apple particularly takes this level of security 
very seriously, and is now required for apps to use certain iCloud features, 
such as Microsoft Outlook for Mail, Calendar and People.

> On 10 Aug 2017, at 04:37, M. Taylor  wrote:
> 
> Password expert says he was wrong: Numbers, capital letters and symbols are
> useless
> By Ashley May
> 
> USA TODAY Cybersecurity experts say certain password rules are ineffective.
> Here is some of the latest advice on setting and resetting them. Time The
> man who said use capital letters, special characters and numbers in your
> password is now taking back that advice. (Photo: hanieriani, Getty
> Images/iStockphoto) The man behind the 2003 report responsible for many
> current password guidelines says the advice is wrong. Bill Burr, the author
> of an 8-page publication released by the National Institute of Standards and
> Technology, told The Wall Street Journal his previous advice of creating
> passwords with special characters, mixed-case letters and numbers won't
> deter hackers. In fact, he told the journal,'the paper wasn't based on any
> real-world password data, but rather a paper written in the 1980s. 'Much of
> what I did I now regret,' Burr told The Wall Street Journal . The problem is
> that federal agencies, businesses and institutions took the paper
> seriously'very seriously. The report turned into password protocol. Today,
> even though Burr's report was updated in June, we are still prompted to
> change our password every 90 days using at least one capital letter, symbol
> and number. These combinations aren't secure,'mainly because people choose
> predictable combinations. The advice about frequently changing a password
> has been criticized since the report. A 2010 study by the University of
> North Carolina at Chapel Hill showed that updating passwords often can
> actually help hackers identify a pattern. Another study from Carleton
> University said frequent changes are more inconvenient than helpful. The
> better solution could be to simply use a password with four random words,
> because the number of letters can be more difficult to hack than a small
> combination of letters and special characters, the Journal reports. Finally,
> a good reason to ignore those password prompts and come up with one we can
> actually remember. Follow Ashley May on Twitter: @AshleyMayTweets 
> 
> Original Article at:
> https://www.usatoday.com/story/news/nation-now/2017/08/09/password-expert-sa
> ys-he-wrong-numbers-capital-letters-and-symbols-useless/552013001/
> 
> 
> -- 
> The following information is important for all members of the V iPhone list.
> 
> If you have any questions or concerns about the running of this list, or if 
> you feel that a member's post is inappropriate, please contact the owners or 
> moderators directly rather than posting on the list itself.
> 
> Your V iPhone list moderator is Mark Taylor.  Mark can be reached at:  
> mk...@ucla.edu.  Your list owner is Cara Quinn - you can reach Cara at 
> caraqu...@caraquinn.com
> 
> The archives for this list can be searched at:
> http://www.mail-archive.com/viphone@googlegroups.com/
> --- 
> You received this message because you are subscribed to the Google Groups 
> "VIPhone" group.
> To unsubscribe from this group and stop receiving emails from it, send an 
> email to viphone+unsubscr...@googlegroups.com.
> To post to this group, send email to viphone@googlegroups.com.
> Visit this group at https://groups.google.com/group/viphone.
> For more options, visit https://groups.google.com/d/optout.

-- 
The following information is important for all members of the V iPhone list.

If you have any questions or concerns about the running of this list, or if you 
feel that a member's post is inappropriate, please contact the owners or 
moderators directly rather than posting on the list itself.

Your V iPhone list moderator is Mark Taylor.  Mark can be reached at:  
mk...@ucla.edu.  Your list owner is Cara Quinn - you can reach Cara at 
caraqu...@caraquinn.com

The archives for this list can be searched at:
http://www.mail-archive.com/viphone@googlegroups.com/
--- 
You received this message because you are subscribed to the Google Groups 
"VIPhone" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to viphone+unsubscr...@googlegroups.com.
To post to this group, send email to viphone@googlegroups.com.
Visit this group at https://groups.google.com/group/viphone.
For more options, visit https://groups.google.com/d/optout.

Password expert says he was wrong: Numbers, capital letters and symbols are useless: USA Today

[M. Taylor]

Password expert says he was wrong: Numbers, capital letters and symbols are
useless
By Ashley May

USA TODAY Cybersecurity experts say certain password rules are ineffective.
Here is some of the latest advice on setting and resetting them. Time The
man who said use capital letters, special characters and numbers in your
password is now taking back that advice. (Photo: hanieriani, Getty
Images/iStockphoto) The man behind the 2003 report responsible for many
current password guidelines says the advice is wrong. Bill Burr, the author
of an 8-page publication released by the National Institute of Standards and
Technology, told The Wall Street Journal his previous advice of creating
passwords with special characters, mixed-case letters and numbers won't
deter hackers. In fact, he told the journal,'the paper wasn't based on any
real-world password data, but rather a paper written in the 1980s. 'Much of
what I did I now regret,' Burr told The Wall Street Journal . The problem is
that federal agencies, businesses and institutions took the paper
seriously'very seriously. The report turned into password protocol. Today,
even though Burr's report was updated in June, we are still prompted to
change our password every 90 days using at least one capital letter, symbol
and number. These combinations aren't secure,'mainly because people choose
predictable combinations. The advice about frequently changing a password
has been criticized since the report. A 2010 study by the University of
North Carolina at Chapel Hill showed that updating passwords often can
actually help hackers identify a pattern. Another study from Carleton
University said frequent changes are more inconvenient than helpful. The
better solution could be to simply use a password with four random words,
because the number of letters can be more difficult to hack than a small
combination of letters and special characters, the Journal reports. Finally,
a good reason to ignore those password prompts and come up with one we can
actually remember. Follow Ashley May on Twitter: @AshleyMayTweets 

Original Article at:
https://www.usatoday.com/story/news/nation-now/2017/08/09/password-expert-sa
ys-he-wrong-numbers-capital-letters-and-symbols-useless/552013001/


-- 
The following information is important for all members of the V iPhone list.

If you have any questions or concerns about the running of this list, or if you 
feel that a member's post is inappropriate, please contact the owners or 
moderators directly rather than posting on the list itself.

Your V iPhone list moderator is Mark Taylor.  Mark can be reached at:  
mk...@ucla.edu.  Your list owner is Cara Quinn - you can reach Cara at 
caraqu...@caraquinn.com

The archives for this list can be searched at:
http://www.mail-archive.com/viphone@googlegroups.com/
--- 
You received this message because you are subscribed to the Google Groups 
"VIPhone" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to viphone+unsubscr...@googlegroups.com.
To post to this group, send email to viphone@googlegroups.com.
Visit this group at https://groups.google.com/group/viphone.
For more options, visit https://groups.google.com/d/optout.