Password guru updates advice for consumers
24 August 2017 - 11:53 by Mike Price
When signing up to sites that provide shopping online, or any number of other web-based services, users will generally be expected to create a password which contains a mixture of letters, characters and symbols. Sometimes this is enforced by the site, with the ‘strength’ of a password gauged automatically.
The problem is that this makes passwords hard to remember. Now, new guidance from the researcher who originally laid out the template for login security that is so ubiquitous today suggests that a different approach is better.
According to the Independent, password expert Bill Burr has admitted that the advice he originally published 14 years ago is not only unhelpful, but woefully out of date. This is because the scale of the threats that people face online today is much greater than it was in 2003.
Burr now subscribes to the view that the length of a password is far more important than its randomness, meaning that longer passwords which are easier to remember are preferable to a cavalcade of unrelated letters and symbols.
The fight back against complexity in favour of length may be slow at first, but eventually it seems likely that more sites will switch to this new approach.
Longer passwords are more secure because the extra length decreases the ease with which they can be cracked using the kind of cryptographic methods that cybercriminals rely upon today. In addition, people are quite bad at picking truly random passwords, even when asked to do so, which further explains the need for change.
Of course there are still plenty of sites and services which do not enforce any particular restrictions on password choice, so consumers need to lead the way when it comes to embracing more secure habits.