Password Security Bible fails to curb Cyber Attacks!


Bill Burr’s bible on password security, which was introduced to the world in 2003, has failed to curb cyber attacks. Bill admitted this in his recent interaction with the Wall Street Journal.

While working for the US government, Mr. Burr wrote a password bible to guide the digital world on the safest practices for going online. Bill’s guidance was to change passwords frequently, say every 60-90 days, to use numbers, to include alphabetic symbols, and to try capital letters.

In 2004, the White House issued an initiative asking government organizations to practice what Bill said when it comes to login credentials.

However, Bill now regrets what he said at that time. He feels that his guidelines are now being used by cyber crooks to hack more easily.
Bill Burr, who was an author of NIST Special Publication 800-63 Appendix A, cites his research as a big mistake that in fact led to bizarre password combinations such as su55ess1 and d0lla3s.

Bill feels that his research never improved security and in fact made computer networks less secure, as online users end up using the same password repeatedly or writing passwords down on notes to remember them.

Users who followed his advice ended up changing their passwords with only minor changes, such as replacing the number 1 with 2, which did not help them in any way when it comes to online security.

Since simple tweaks to passwords amount to simple text transformations, hackers are well aware of such tricks and can easily build them into scripts.
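A defender can apply the same reasoning at password-change time. The following is an added example, not code from the article or from NIST: a check that rejects a new password when it is only a cosmetic variant of the old one. The function names, the 0.8 similarity threshold and every sample password other than su55ess1 and d0lla3s are assumptions, and the check assumes the change form supplies the current password, so nothing extra has to be stored.

```python
import difflib
import re


def skeleton(password: str) -> str:
    """Reduce a password to the part the user actually has to remember."""
    s = password.casefold()            # a capital-letter change is no change
    s = re.sub(r"\d", "#", s)          # any digit looks the same: 1 -> 2 is no change
    s = re.sub(r"[^\w#]+$", "", s)     # drop trailing punctuation such as "!"
    return s


def is_trivial_rotation(old: str, new: str, threshold: float = 0.8) -> bool:
    """True when `new` is `old` with only cosmetic edits.

    `threshold` is an assumed cut-off for this example, not a published value.
    """
    a, b = skeleton(old), skeleton(new)
    if a == b:
        return True
    # Catches small insertions or deletions, e.g. one more digit at the end.
    return difflib.SequenceMatcher(None, a, b).ratio() >= threshold


if __name__ == "__main__":
    # Constructed sample pairs: (current password, proposed new password).
    samples = [
        ("su55ess1", "su55ess2"),
        ("d0lla3s", "D0lla3s!"),
        ("Password1", "Password12"),
        ("su55ess1", "correct horse battery staple"),
    ]
    for old, new in samples:
        verdict = "reject" if is_trivial_rotation(old, new) else "accept"
        print(f"{old!r} -> {new!r}: {verdict}")
```
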

Even using numbers when building a password doesn’t help these days, as hackers can use ‘brute force’ cyber attacks to guess the right password from millions of character combinations.

Bill believes that long passwords that contain 4 words are much harder to break than shorter ones with a mix of alphanumeric and special characters.

Paul Grassi, a technology advisor working for NIST, advises people to use long but easy to remember ‘passphrases’ that do not need to feature special characters or numerals.

Agree or disagree with what is being said…?

Then you can share your mind through the comments section below.

Naveen Goud is a writer at Cybersecurity Insiders covering topics such as Mergers & Acquisitions, Startups, Cyber Attacks, Cloud Security and Mobile Security
