Complicated Passwords Are Going To Be A Thing Of The Past
It seems like every few months we have to make a new password for something. And it always has to be really complicated — numbers, question marks, capital and lowercase letters — and you’re supposed to have different passwords for each online account. It gets crazy really fast.
Those complicated passwords are going to be a thing of the past. The National Institute of Standards and Technology, or NIST, recently revised its guidelines for creating passwords.
NIST senior standards and technology adviser, Paul Grassi, says they’re working to streamline digital security and create a password system you can use on all websites.
“I think everyone is fatigued with a number of counts that they have whether it's the number of accounts they have in the private sector or the number of calls they have to transact business with the government," Gassi said.
The new password guidelines suggest creating something simple and memorable. And the system will allow for you to pick nearly any kind of character.
"We also allowed for any character type — character set. So if you wanted to password set of all emojis, then by all means go for it," Gassi said.
Grassi said that it ended up being more of a headache for users than for hackers. Changing passwords every few months meant that people would find work arounds like swapping numbers and letters.
"I'm sure you've done it. I've done it. We change one character when it's time to change a password after expiration and, if you're like me, you probably just work yourself and muster right across the keyboard in changing that one character and the bad guys already know this. They already know to substitute one for an L or a five for an S or to put an exclamation point at the end of a password. They know that that's what we do. We're humans and we're fallible," Gassi said.
Grassi says the passwords will be longer but more memorable, like a sentence or saying that has meaning to you. And they won’t need to expire unless there is a security breach. And don’t forget you can use just about any kind of characters you like including emojis.
The guidelines are intended first for federal agencies. Grassi says that only congressional organizations are required to follow these new guidelines. It will be up to private businesses to decide if they’ll adopt them too.