Password Rules Have Changed

Remember the old password requirements? Minimum eight characters. No words. At
least one of each type of character, lowercase, uppercase, number and symbol.
The more random the better. G5#epN2: the perfect password. Impossible to guess.
Impossible to remember. And you have to change it at least every three months
(in a work environment anyway).

Fast forward to today. The experts at NIST have evolved the recommendations over
the years. Now they request at least 15 characters. I say, the more, the better.
I typically don’t stop at 15. Do you still need the four kinds of characters?
Not really. It helps with the complexity angle, but length trumps complexity.
Every. Time. The obstacle you’re going to run into is whether the website or
service you’re logging into lets you not use capitals, numbers and symbols.

The new strategy is passphrases. Seemingly unrelated words strung together mean
something to you, but are unlikely to mean anything to anyone else. For example,
the phrase ‘mackayianrockyhiker’ probably means nothing to you, but it sure
does to me, and it would be super easy for me to remember. BitWarden’s password
strength tester rates that combination as strong. Well then – mission
accomplished.
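
To put numbers on "length trumps complexity", here is an added example (not part
of the original column) that estimates the brute-force search space of the two
passwords mentioned above. It assumes an attacker who tries every combination of
the character types present, so the result is an upper bound: a phrase built from
real words is easier to guess than the figure suggests. The function names are
made up for this illustration.

```python
import math
import string

# The four character types from the old rules (printable ASCII).
CLASSES = {
    "lowercase": string.ascii_lowercase,  # 26 characters
    "uppercase": string.ascii_uppercase,  # 26 characters
    "digits": string.digits,              # 10 characters
    "symbols": string.punctuation,        # 32 characters
}

def alphabet_size(password: str) -> int:
    """Size of the smallest class-based alphabet that covers the password."""
    size = sum(len(chars) for chars in CLASSES.values()
               if any(c in chars for c in password))
    # Anything outside the four classes (spaces, accents) is counted one by one.
    known = "".join(CLASSES.values())
    return size + len({c for c in password if c not in known})

def search_space_bits(password: str) -> float:
    """log2 of how many candidates of this length exist over that alphabet."""
    if not password:
        return 0.0
    return len(password) * math.log2(alphabet_size(password))

def lowercase_length_to_match(password: str) -> int:
    """Shortest all-lowercase length with at least the same search space."""
    return math.ceil(search_space_bits(password) / math.log2(26))

if __name__ == "__main__":
    # The two examples quoted in the column.
    for pw in ("G5#epN2", "mackayianrockyhiker"):
        print(f"{pw!r}: {len(pw)} chars, alphabet {alphabet_size(pw)}, "
              f"about {search_space_bits(pw):.1f} bits")
    print("lowercase letters needed to match 'G5#epN2':",
          lowercase_length_to_match("G5#epN2"))
```

Every added bit doubles the number of guesses needed, which is why a long lowercase-only phrase can outrank a short password that uses all four character types.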

In all seriousness though, you shouldn’t be trying to remember countless
passwords anyway. That’s what a password manager app is for. It will change your
life, because you only have to remember one password. Experts don’t ask you to
change passwords anymore either, unless they are critical accounts with lots of
high-level access.

Karl Plesz
Your Productivity Guru