Forget about complicated PASSWORDS: Experts claim that THESE are the most secure

According to new guidelines from the US National Institute of Standards and Technology, passwords should not be complicated, but long.

When we come up with a new password, many sites and platforms require us to meet certain conditions, such as the use of special characters, numbers, and upper- and lower-case letters. However, complicated passwords are officially no longer a best practice, nor is changing them regularly, according to experts.

According to the latest guidelines published by the US National Institute of Standards and Technology (NIST), the current method has made passwords less secure, and everyone who wants to ensure the security of their accounts and information systems should adhere to the new recommendations.

Complicated passwords are less secure

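The recommendation to use complicated passwords seems like a good idea at first. Mixing numbers, special characters, and lowercase and uppercase letters can make it significantly more difficult for malicious actors to guess or “crack” the password we come up with. However, the complexity proved to be counterproductive, and in practice actually weakened the security of our accounts.

As NIST finds, these complicated passwords are difficult for users to remember, leading many to use the same password for multiple sites or to resort to predictable behavior such as replacing letters with similar-looking numbers and symbols, for example “P@ssw0rd123”.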

Users were further “pushed” towards this pattern of behavior by organizations that required them to change their passwords regularly, which NIST no longer recommends.

Long, not complicated passwords

Password security is often measured by entropy, i.e. a measure of unpredictability. A greater number of characters means a greater number of possible combinations, and therefore greater entropy, which makes it more difficult for attackers to “break” our passwords.

Complicated passwords do increase entropy, but as computing power increases, it becomes easier for attackers to crack them. Instead, NIST now recommends using long passwords, writes SmartLife.

Using more characters exponentially increases the number of possible combinations. Even if we didn’t use punctuation, numbers or capital letters in our passwords, advanced algorithms would have a significantly harder time guessing them, and we would remember them more easily. You’ll admit, it’s much easier to remember the password “blackhatbluejacketpantswhiteshoes” than a combination like “Kq2vB.HH!zSUzDnq585”.

Unfortunately, although many sites and platforms require us to use a complicated password, very often they limit us in the number of characters we are allowed to use. That’s why NIST, in addition to recommending the use of long passwords that are not changed often, also recommends that users be given the option of entering up to 64 characters when coming up with a new password.
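
The comparison above, worked through as an added example (not code from the article or from NIST): it computes a brute-force upper bound on entropy for the article's sample passwords and flags the look-alike substitution pattern. The blocklist, the substitution table and all function names are assumptions constructed for illustration.

```python
import math
import string

# Constructed sample blocklist (assumption); a real deployment would load a
# large list of common and breached passwords instead.
COMMON_WORDS = {"password", "welcome", "qwerty", "letmein"}

# Look-alike substitutions of the kind the article describes ("P@ssw0rd123").
LEET = str.maketrans({"@": "a", "4": "a", "0": "o", "1": "l", "3": "e",
                      "$": "s", "5": "s", "!": "i", "7": "t"})

MAX_LENGTH = 64  # length the article says users should be allowed to enter


def charset_size(password):
    """Size of the ASCII character pool implied by the classes actually used."""
    pools = (string.ascii_lowercase, string.ascii_uppercase,
             string.digits, string.punctuation)
    return sum(len(pool) for pool in pools if any(c in pool for c in password))


def brute_force_bits(password):
    """Upper bound on entropy: length * log2(pool size).

    Assumes every character was picked at random; human-chosen words and
    patterns are less unpredictable than this figure suggests.
    """
    size = charset_size(password)
    return len(password) * math.log2(size) if size else 0.0


def is_predictable(password):
    """True if the password is a blocklisted word once a trailing run of
    digits is stripped and look-alike substitutions are undone."""
    core = password.rstrip(string.digits).lower().translate(LEET)
    return core in COMMON_WORDS


def review(password):
    """Return (accepted, reason) based on length and predictability,
    with no composition rules."""
    if len(password) > MAX_LENGTH:
        return False, "longer than 64 characters"
    if is_predictable(password):
        return False, "common word with look-alike substitutions"
    return True, f"{brute_force_bits(password):.0f} bits (upper bound)"
```

Under this model the 33-letter lowercase passphrase scores higher than the 19-character mixed password, while “P@ssw0rd123” is rejected despite using all four character classes.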

Source: SmartLife

Photo: Freepik/Unsplash

Source: bizlife.rs