
Guy who wrote the bible on passwords: I was wrong

With cybercriminals always on the attack, it can be difficult to keep our critical data and online accounts safe. Hackers worldwide have been stealing and selling billions of usernames and passwords for years. That’s why it’s extremely important to stay vigilant and follow security guidelines.

In an effort to keep accounts secure, people have been creating hard-to-remember passwords, using upper and lowercase letters, numbers and special characters for years. Now, the person who came up with those guidelines said that we’re doing it all wrong.

Are your account passwords weak?

We’re talking about someone that you’ve probably never heard of. His name is Bill Burr and he used to work for the U.S. government.

He is considered a password guru and created the “bible” on passwords in 2003. Burr is responsible for those crazy password-creation rules, as well as the recommendation to change your passwords often, at least every three months.

He said his original advice was wrong. He told The Wall Street Journal that he regrets his original advice because passwords created with those guidelines are often easier to hack.

Instead of improving security, Burr’s guidelines could weaken it. Users would end up reusing the same password over and over after 90 days, simply changing one number at the end. Sometimes they would even write their passwords down on paper so they could remember them, leaving them exposed to anyone in the area.

How to create stronger passwords

Burr explained that there’s an easier and better way to make your passwords virtually unguessable. Instead of using a combination of symbols, letters and numbers, he is recommending that your passwords be a long phrase, one that only you will find easy to remember.

We’ve actually given you this advice before. In fact, here’s one of our articles telling you about a “passphrase” generator that will create them for you if you can’t think of any on your own.

“Passphrases” are actually better at keeping you secure than Burr’s original guidelines. They should contain at least four words. Something like, “I love pizza with a thin gluten free crust.” Or, “I’ll never forget my first red bicycle.”

One researcher discovered that it would take over 500 years to crack the password “correcthorsebatterystaple.” It would only take a hacker 3 days to crack the password “Tr0ub4dor&3,” which was created using the old rules.
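
The arithmetic behind figures like these, as an added example that is not from the original article: a passphrase built from words picked at random has (number of words) × log2(word list size) bits of entropy, and the time to try every candidate follows from the guess rate. The 2048-word list, the 28-bit estimate for a “Tr0ub4dor&3”-style password and the rate of 1,000 guesses per second are assumptions chosen because they reproduce the 500-year and 3-day figures; `SAMPLE_WORDS` is a constructed list.

```python
import math
import secrets

# Constructed sample list (assumption): a real generator would load a large
# list, e.g. 2048 words; 16 words keep this example self-contained.
SAMPLE_WORDS = ["correct", "horse", "battery", "staple", "pizza", "bicycle",
                "crust", "window", "orange", "river", "candle", "anchor",
                "meadow", "pencil", "rocket", "violin"]

SECONDS_PER_DAY = 86_400
SECONDS_PER_YEAR = 365 * SECONDS_PER_DAY


def generate_passphrase(words, count=4, sep=" "):
    """Pick `count` words independently and uniformly with a CSPRNG."""
    if count < 4:
        raise ValueError("use at least four words")
    if len(set(words)) != len(words):
        raise ValueError("word list contains duplicates")
    return sep.join(secrets.choice(words) for _ in range(count))


def passphrase_entropy_bits(wordlist_size, count):
    """Entropy of `count` random picks from a list of `wordlist_size` words."""
    return count * math.log2(wordlist_size)


def seconds_to_exhaust(entropy_bits, guesses_per_second):
    """Time to try every candidate at the given guess rate (worst case)."""
    return 2 ** entropy_bits / guesses_per_second


def describe(entropy_bits, guesses_per_second=1000):
    """Human-readable crack time; 1000 guesses/s is an assumed rate."""
    secs = seconds_to_exhaust(entropy_bits, guesses_per_second)
    if secs >= SECONDS_PER_YEAR:
        return f"{secs / SECONDS_PER_YEAR:.0f} years"
    return f"{secs / SECONDS_PER_DAY:.1f} days"


if __name__ == "__main__":
    print("sample passphrase:", generate_passphrase(SAMPLE_WORDS))
    # Four random words from an assumed 2048-word list: 44 bits.
    print("four random words:", describe(passphrase_entropy_bits(2048, 4)))
    # Assumed ~28 bits for a password built with the old substitution rules.
    print("old-style password:", describe(28))
```

The entropy figure only holds when the generator picks the words at random; a sentence you compose yourself is easier to guess than its word count suggests.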

Clearly, it’s time to start using passphrases. When you create one, NEVER share it with anyone! Oh – and change it only when it’s been compromised. Follow this procedure and you will be as safe from hackers as possible.
