Password expert admits his past advice was a mistake: "capital letters, numbers and symbols were meaningless"


By Thomas Au

Combining uppercase and lowercase letters and adding numbers and symbols has long been considered an effective way to make a password secure. However, the expert who proposed this rule in the past has now admitted that his earlier advice was a mistake, saying he regrets it and that "capital letters, numbers and symbols had no meaning".

The Man Who Wrote Those Password Rules Has a New Tip: N3v$r M1^d! - WSJ
https://www.wsj.com/articles/the-man-who-wrote-those-password-rules-has-a-new-tip-n3v-r-m1-d-1502124118

Password expert says he was wrong: Numbers, capital letters and symbols are useless
https://www.usatoday.com/story/news/nation-now/2017/08/09/password-expert-says-he-wrong-numbers-capital-letters-and-symbols-useless/552013001/

Best practices for passwords updated after original author regrets his advice - The Verge
https://www.theverge.com/2017/8/7/16107966/password-tips-bill-burr-regrets-advice-nits-cybersecurity

The person who told the Wall Street Journal of this surprising regret is Mr. Bill Burr, who once served as a director at the National Institute of Standards and Technology and is now retired. Mr. Burr worked on the guidelines for creating secure passwords that were announced in 2003. Those guidelines recommended "using uppercase and lowercase letters together", "mixing in numbers and symbols" and "changing the password regularly".

For example, if the word "password" is used as a password, the recommendation was to mix in capital letters to get "paSSworD", and then to add symbols and numbers to change it to "pa$$w0rD". However, these methods were not based on an investigation of the actual situation at the time; they were based on a paper written in 1980, so it seems their reliability was not very high.

Moreover, changing the password too often is not a good idea either: it is inefficient, and it is even said to create the danger that a hacker can work out the pattern behind the password changes. Mr. Burr, now 72 years old, said to WSJ, "I regret a lot of what I have done, now."

By Christiaan Colen

Probably everyone has heard of the methods recommended until now, and in some cases they are enforced when you create a password, with a message such as "Please include at least one uppercase letter in your password". While that way of making passwords has now been disavowed by its own author, another recommended approach is to join several words into a single string. For example, if you condense the sentence "I want to go out and eat some ramen" into "iwanttogooutandeatsomeramen", you get a long password that is efficient and hard to forget.

However, if you are subjected to a brute force attack, it will definitely succeed someday. Therefore, it is important to combine passwords with other measures, such as using 2-step authentication where possible.
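The article's own example passwords, run through a small check (an added illustration, not part of the original article). The substitution table, the tiny word list and the 15-character minimum are assumptions made for this example.

```python
import math

# Constructed sample of common base words; a real checker would load a large list.
COMMON_WORDS = {"password", "letmein", "welcome", "dragon"}

# Look-alike substitutions undone before the lookup (assumed mapping for this example).
UNLEET = str.maketrans({"$": "s", "0": "o", "1": "l", "3": "e",
                        "4": "a", "@": "a", "5": "s", "7": "t", "!": "i"})

def normalize(pw):
    """Fold case and undo look-alike substitutions."""
    return pw.lower().translate(UNLEET)

def charset_size(pw):
    """Size of the alphabet implied by the character classes present."""
    size = 0
    if any(c.islower() for c in pw):
        size += 26
    if any(c.isupper() for c in pw):
        size += 26
    if any(c.isdigit() for c in pw):
        size += 10
    if any(not c.isalnum() for c in pw):
        size += 33  # printable ASCII symbols, including space
    return size

def brute_force_bits(pw):
    """log2 of the character-by-character search space.
    This bounds blind exhaustive search only, not word-based guessing."""
    if not pw:
        return 0.0
    return len(pw) * math.log2(charset_size(pw))

def assess(pw, min_length=15):
    """Length-first check: no composition rules, but reject disguised common words."""
    if normalize(pw) in COMMON_WORDS:
        return "reject: common word behind case/symbol substitutions"
    if len(pw) < min_length:
        return "reject: too short"
    return "accept"

if __name__ == "__main__":
    for pw in ("paSSworD", "pa$$w0rD", "iwanttogooutandeatsomeramen"):
        print(f"{pw!r}: {brute_force_bits(pw):.1f} bits, {assess(pw)}")
```

Both decorated forms of "password" collapse back to the same dictionary word, while the 27-character phrase has more than twice the character-level search space of "pa$$w0rD" without any capitals or symbols.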

in Security, Posted by darkhorse_log