Geeks2U Promise
We guarantee you'll love our fast, friendly service - or we'll refund your money.  
133,572 Happy Customers & Counting
Need tech support?
1300 769 448
Extended hours, 7 days a week
Home  /  geekspeak  /  Time to relearn all your password rules

Time to relearn all your password rules

Closeup of Password Box in Internet Browser

For just about any online service you’d care to name, you’re going to be requested to set up a password in order to securely access those services. This may be for a relatively trivial reason, such as one-time access to a site you’re not sure you’re going to use regularly, or something far more serious such as your online banking.

Either way, you’ve probably been hit by a set of password rules that required you to, generally, pick a unique password (always important) with at least one capital letter and one number as part of the combination. There’s a reason why those rules have permeated across the internet which can be traced back to a US security document from 2003, which laid out the (at the time) understood best practice for password creation.

There’s just one problem. The rules that were laid down then were built on both a limited understanding of passwords, and an even more limited subset of “bad” passwords to work from, most of which dated from the 1980s. They recommended, amongst other things, that passwords should be regularly changed, as frequently as every 90 days.

For many of us, this has led to really lax practices, such as re-using passwords across multiple sites, or using really simple ciphers such as appending a number (usually a 1) to the end of a new password to make it easy to remember. Many folks adopted the use of numbers to replace letters, so that “e” becomes “3”, “A” becomes “4” and “O” becomes “0”, for example.

There’s a big problem here, because that creates a recipe for passwords, and it’s one that, especially as processing power has grown, has been ever easier for computers to crack. The author of the original password document now states that they’re not terribly suitable for human beings to use, because they promote passwords that are hard for humans to remember, but easy for hackers to crack.

So what’s the solution? The new rules being proposed change up the way that traditional passwords were thought of.

Out with mandatory numbers, because we’re (generally) lazy and always tend to append them to the ends of our passwords.

Out too, with forced changes of passwords, because that should only be necessary if there’s a known breach of a given service or site.

Users should be encouraged to use passphrases, because you can generally remember a phrase much more easily than a random jumble of letters, whether it’s a song lyric, a poetry phrase or simply a string of words that you happen to like and can find memorable.

Of course, you can still mix it up a little and, for example, use methods such as Diceware, where you roll dice to pick words from a random list, or use acronyms based on the lyrics of your favourite song.

The new rules also stipulate password lengths of up to 64 characters, but before you panic at that length, they also suggest allowing password fields to support pasting in passwords. That means they should work with password managers such as Dashlane, 1Password or Keepass, and that’s good news if you have many passwords to remember, as so many of us do.

With a decent password management app, all you need is one decent passphrase or password, and then you can let the app do the calculations and creation of new passwords for you on the fly, unlocking the app with your master password and pasting in new passwords as needed.

FacebookTwitterGoogle+Share

Recent News

googleimages

Google has become so synonymous with searching the internet that it’s commonly used as a verb when describing searches of all types. It’s not just simple text searches that Google has near market domination of, either, with searching facilities across popular news sites, videos, shopping and images. Google really does want to be the one-stop… More 

5g-logo-1k

You’re probably aware that your smartphone runs on either a 3G or 4G network, although you may be a little fuzzy on what those terms actually mean. You may even be aware that there’s a lot of talk about “5G” at the moment, again without being totally across the potential of a 5G future. When… More 

Windows 10 S

When Microsoft launched its Surface Laptop, it also used the occasion to launch Windows 10 S, a more secure but significantly more locked-down version of its popular operating system. Windows 10 S will only run apps available from the Windows Store, which means many popular applications that you may run every day simply aren’t available… More 

homepod

Apple has recently announced the availability of its first “smart” speaker, the Apple Homepod, set to go on sale on the 9th of February in Australia for $499, in the UK for £319 and in the US for $349 respectively. In the smart speaker space, that immediately marks the HomePod as a premium priced option,… More