What a surprise. I often wondered when I was working why my company thought 
requiring a password change every 90 days was a good idea. Since the main 
problem with passwords is that a large part of the user group simply don't 
manage passwords well, this approach just ensured that folks would resort to 
post-it notes and other reminders to keep up with their passwords. Hardly very 
secure. Sometimes it seems that those writing these advisory white papers 
either haven't thought through the human behavioral aspects of their topic or 
they simply have no common sense to interject into it.

Alan Lemly

-----Original Message-----
From: viphone@googlegroups.com [mailto:viphone@googlegroups.com] On Behalf Of 
M. Taylor
Sent: Wednesday, August 09, 2017 10:38 PM
To: viphone@googlegroups.com
Subject: Password expert says he was wrong: Numbers, capital letters and 
symbols are useless: USA Today

Password expert says he was wrong: Numbers, capital letters and symbols are 
useless By Ashley May

USA TODAY Cybersecurity experts say certain password rules are ineffective.
Here is some of the latest advice on setting and resetting them. Time The man 
who said use capital letters, special characters and numbers in your password 
is now taking back that advice. (Photo: hanieriani, Getty
Images/iStockphoto) The man behind the 2003 report responsible for many current 
password guidelines says the advice is wrong. Bill Burr, the author of an 
8-page publication released by the National Institute of Standards and 
Technology, told The Wall Street Journal his previous advice of creating 
passwords with special characters, mixed-case letters and numbers won't deter 
hackers. In fact, he told the journal,'the paper wasn't based on any real-world 
password data, but rather a paper written in the 1980s. 'Much of what I did I 
now regret,' Burr told The Wall Street Journal . The problem is that federal 
agencies, businesses and institutions took the paper seriously'very seriously. 
The report turned into password protocol. Today, even though Burr's report was 
updated in June, we are still prompted to change our password every 90 days 
using at least one capital letter, symbol and number. These combinations aren't 
secure,'mainly because people choose predictable combinations. The advice about 
frequently changing a password has been criticized since the report. A 2010 
study by the University of North Carolina at Chapel Hill showed that updating 
passwords often can actually help hackers identify a pattern. Another study 
from Carleton University said frequent changes are more inconvenient than 
helpful. The better solution could be to simply use a password with four random 
words, because the number of letters can be more difficult to hack than a small 
combination of letters and special characters, the Journal reports. Finally, a 
good reason to ignore those password prompts and come up with one we can 
actually remember. Follow Ashley May on Twitter: @AshleyMayTweets 

Original Article at:
https://www.usatoday.com/story/news/nation-now/2017/08/09/password-expert-sa
ys-he-wrong-numbers-capital-letters-and-symbols-useless/552013001/


--
The following information is important for all members of the V iPhone list.

If you have any questions or concerns about the running of this list, or if you 
feel that a member's post is inappropriate, please contact the owners or 
moderators directly rather than posting on the list itself.

Your V iPhone list moderator is Mark Taylor.  Mark can be reached at:  
mk...@ucla.edu.  Your list owner is Cara Quinn - you can reach Cara at 
caraqu...@caraquinn.com

The archives for this list can be searched at:
http://www.mail-archive.com/viphone@googlegroups.com/
---
You received this message because you are subscribed to the Google Groups 
"VIPhone" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to viphone+unsubscr...@googlegroups.com.
To post to this group, send email to viphone@googlegroups.com.
Visit this group at https://groups.google.com/group/viphone.
For more options, visit https://groups.google.com/d/optout.

-- 
The following information is important for all members of the V iPhone list.

If you have any questions or concerns about the running of this list, or if you 
feel that a member's post is inappropriate, please contact the owners or 
moderators directly rather than posting on the list itself.

Your V iPhone list moderator is Mark Taylor.  Mark can be reached at:  
mk...@ucla.edu.  Your list owner is Cara Quinn - you can reach Cara at 
caraqu...@caraquinn.com

The archives for this list can be searched at:
http://www.mail-archive.com/viphone@googlegroups.com/
--- 
You received this message because you are subscribed to the Google Groups 
"VIPhone" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to viphone+unsubscr...@googlegroups.com.
To post to this group, send email to viphone@googlegroups.com.
Visit this group at https://groups.google.com/group/viphone.
For more options, visit https://groups.google.com/d/optout.

Reply via email to