Secure passwords: simple or complex?
IT security should be a top priority for everyone, yet creating a new password or replacing an old one still brings a moment of panic. More and more services demand complex (or extremely complex) passwords made up of letters, numbers, special characters, upper and lower case, and in some cases the new password must also be completely different from any used before.
Since 2003, the rules people have followed to 'build' secure passwords came from Appendix A of NIST Special Publication 800-63, written by Bill Burr of the US National Institute of Standards and Technology. That appendix set out composition rules for passwords considered strong, together with estimates of how much entropy (guessing resistance) each rule adds.
The problem is that those rules rested on the assumption that a short, complex alphanumeric string is more secure than a simpler, longer one. Burr himself overturned that assumption in a 2017 interview with the Wall Street Journal, in which he explained that he now regrets having obliged users to rack their brains inventing difficult and improbable passwords.
His reasoning is that any short password, however many character classes it mixes, can be cracked in a short time by a so-called brute-force attack, because the size of the search space depends far more on length than on the alphabet. In practice attackers do not even need raw brute force: they start from dictionaries of common words and apply the very substitution rules the old guidance pushed users toward (a capital first letter, '@' for 'a', '0' for 'o', a digit or '!' at the end), so a short 'complex' password is found more quickly than a longer one made of ordinary characters only.
For this reason, NIST has issued revised guidance, SP 800-63B, which drops the composition rules and periodic forced changes, asks services to accept long passwords, and invites users to adopt passphrases: complete phrases made of common, familiar words, which are easier to remember. Examples such as 'I_don't_remember_the_secret_word' or 'no_access_to_strangers' are certainly harder to guess or crack than an eight-character string, as long as the phrase is your own and not a well-known quotation or song lyric, since those are already in crackers' dictionaries. The strength of a passphrase comes from the number of words and how unpredictable they are, not from the underscores between them.
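To make the previous two points concrete, here is a small added example (not part of the original article or of NIST's publication) that does two things: it runs a toy rule-based cracker, of the kind described above, against a constructed eight-word dictionary and shows that 'P@ssw0rd1' falls inside the few thousand candidates it generates, while the passphrase 'no_access_to_strangers' does not; and it compares entropy estimates for an 8-character password drawn from all 95 printable ASCII characters with passphrases drawn from a 7776-word list (the Diceware list size). The wordlist, the substitution rules, the suffix list and the guess rate are all assumptions chosen for illustration.

```python
import itertools
import math

# Constructed toy dictionary standing in for a real cracking wordlist (assumption).
WORDLIST = ["password", "summer", "dragon", "monkey",
            "welcome", "letmein", "qwerty", "football"]

# Common 'leet' substitutions a rule-based cracker tries; the first entry is the
# letter itself so the unmodified word is also a candidate (assumption).
LEET = {"a": ["a", "@", "4"], "e": ["e", "3"], "i": ["i", "1", "!"],
        "o": ["o", "0"], "s": ["s", "$", "5"]}

# Suffixes users commonly append to satisfy 'add a number or symbol' rules (assumption).
SUFFIXES = ["", "1", "12", "123", "!", "1!", "2017", "!1"]


def mangle(word):
    """Yield every candidate a rule-based cracker derives from one dictionary word:
    optional initial capital, every combination of leet substitutions, common suffix."""
    for base in (word, word.capitalize()):
        per_char = []
        for c in base:
            subs = LEET.get(c.lower())
            # Keep the original character, then add its substitutes if any.
            per_char.append([c] + subs[1:] if subs else [c])
        for chars in itertools.product(*per_char):
            stem = "".join(chars)
            for suffix in SUFFIXES:
                yield stem + suffix


def candidate_count():
    """Total number of candidates the toy cracker produces for the whole wordlist."""
    return sum(1 for word in WORDLIST for _ in mangle(word))


def guesses_until_found(target):
    """Number of candidates tried before `target` is hit (1-based), or None if never hit."""
    tried = 0
    for word in WORDLIST:
        for candidate in mangle(word):
            tried += 1
            if candidate == target:
                return tried
    return None


def brute_force_bits(length, alphabet_size):
    """Entropy in bits of a uniformly random string of `length` symbols drawn from
    an alphabet of `alphabet_size` symbols (the best case for a 'complex' password)."""
    return length * math.log2(alphabet_size)


def passphrase_bits(n_words, vocabulary_size):
    """Entropy of `n_words` words chosen uniformly from a vocabulary.
    Counting characters instead of words would overstate a passphrase's strength."""
    return n_words * math.log2(vocabulary_size)


def seconds_to_exhaust(bits, guesses_per_second):
    """Time to try the entire space at a given guess rate."""
    return 2.0 ** bits / guesses_per_second


if __name__ == "__main__":
    rate = 1e9  # assumed offline cracking rate against a fast hash (assumption)
    for pw in ["P@ssw0rd1", "Dr4gon!", "no_access_to_strangers"]:
        hit = guesses_until_found(pw)
        print(f"{pw!r}: {'found after %d guesses' % hit if hit else 'not in rule space'}")
    print(f"toy cracker tried {candidate_count()} candidates in total")
    for label, bits in [("8 chars, 95-symbol alphabet", brute_force_bits(8, 95)),
                        ("4 Diceware words", passphrase_bits(4, 7776)),
                        ("6 Diceware words", passphrase_bits(6, 7776))]:
        print(f"{label}: {bits:.1f} bits, {seconds_to_exhaust(bits, rate) / 86400:.1f} days at 1e9 guesses/s")
```

Two things are worth noting about the figures it prints. A truly random 8-character password from the full printable alphabet and a random 4-word Diceware passphrase sit at roughly the same entropy (about 52 bits), but only the passphrase is realistically memorable, and adding two more words lifts it to about 78 bits, far beyond what adding two more characters achieves. And 'P@ssw0rd1' is found in well under two thousand guesses not because it is short but because it lies exactly in the rule space a cracker enumerates first.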
These are the latest developments to be aware of in order to protect our personal IT security: changes worth keeping up with so that our work and private passwords stay hard to crack. To find out more, we suggest referring to the new NIST guidelines, SP 800-63B.
Translated by Joanne Beckwith
