Oops! The Man Who Created Annoying Password Rules Admits His Advice Is Wrong

August 8, 2017

There’s nothing more frustrating than logging into your account, only to have to change your password. Again.

While most people end up regretting things in life like working too hard and not keeping in contact with friends, password guru Bill Burr’s biggest regret is advising all of us that making our passwords super complicated makes our lives easier.

Burr wrote “NIST Special Publication 800-63. Appendix A” in 2003; the 8-page document was deemed the “bible” of password security, stating that we should protect our accounts by adding numbers, symbols and capital letters to our passwords, as well as updating them every 90 days.

Fourteen years and millions of inconvenienced lives later, Burr’s finally admitted those rules are a pretty bad idea. In an interview with the Wall Street Journal, Burr reveals the rules he created have actually made people lazier when it comes to updating their passwords. Complicated passwords are hard for people to remember, but it turns out they’re much easier for computer hackers to crack.

Burr’s original password guide has now been updated to suggest “passphrases,” a sequence of words without numbers or special characters. Sorry y’all, “ilovepizzaitssotasty” is taken!