A strong password has at least one capital letter, one number, and one special character, right? Not according to Bill Burr, who devised those rules as a manager at the National Institute of Standards and Technology in 2003. Now retired, Burr tells the Wall Street Journal that he regrets much of his original guidance, including the use of odd characters and routine password changes. Meanwhile, NIST now suggests a lengthy phrase that’s unique but easy to remember–echoing a classic XKCD comic from a few years ago–with no need to change passwords unless there’s evidence of a security breach. Whether your bank will stop nagging you to insert needlessly crazy symbols into your password from here on is another matter.
Recognize your brand’s excellence by applying to this year’s Brands That Matter Awards before the early-rate deadline, May 3.
