
One of the oldest rules about passwords is totally wrong

Passwords by Christiaan Colen


Your school or workplace may require you to change your password every couple of months or so to keep your account safe. It’s a widely implemented security recommendation.

Except it’s totally wrong.

The Federal Trade Commission’s chief technologist, Lorrie Cranor, busted that myth earlier this week at a security conference in Las Vegas.

Turns out, requiring periodic password changes could end up making your password less secure. This is because when most people are required to change their password, they end up using their old password, but they make a small change.

They might change a lowercase letter to an uppercase letter. Or they might add an extra letter to the end. Researchers call these little tricks “transformations,” and hackers are very aware of them.

So real-world password crackers build these predictable transformations into their scripts and cracking routines.
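The mitigation that follows from this is to refuse a new password that is only a small transformation of the current one. The code below is an added example, not part of the original article or of any system it mentions: a password-change check that flags the patterns the article names (a case flip, an extra character tacked on, a changed digit) by normalising case, stripping leading and trailing digits and symbols, and measuring edit distance. It assumes the current password is available in plaintext at change time because the user has just typed it; older entries in a hashed password history cannot be compared this way.

```python
"""Reject a proposed new password that is a trivial 'transformation' of the
current one. Added example; the threshold values are assumptions, not a
standard."""
import re


def levenshtein(a: str, b: str) -> int:
    """Standard dynamic-programming edit distance (insert/delete/substitute)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,            # delete
                           cur[j - 1] + 1,         # insert
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]


def _core(pw: str) -> str:
    """Lower-case and strip digits/symbols from both ends, so that
    'Summer2016!' and 'summer2017' share the core 'summer'."""
    return re.sub(r"^[^a-zA-Z]+|[^a-zA-Z]+$", "", pw).lower()


def is_trivial_transformation(old: str, new: str, max_distance: int = 2) -> bool:
    """True if `new` is the kind of small edit of `old` that crackers
    already try: same password, case-only change, same core word with
    different prefix/suffix, or within `max_distance` edits."""
    if old == new:
        return True
    if old.lower() == new.lower():                     # case flip only
        return True
    core_old = _core(old)
    if core_old and core_old == _core(new):            # only affixes changed
        return True
    if levenshtein(old.lower(), new.lower()) <= max_distance:
        return True
    return False


def validate_password_change(old: str, new: str, min_length: int = 12) -> list:
    """Return a list of rejection reasons; an empty list means accept."""
    reasons = []
    if len(new) < min_length:
        reasons.append(f"new password shorter than {min_length} characters")
    if is_trivial_transformation(old, new):
        reasons.append("new password is a small transformation of the current one")
    return reasons


if __name__ == "__main__":
    # Constructed sample pairs, not real credentials.
    for old, new in [("tarheels#1", "tArheels#1"),
                     ("tarheels#1", "tarheels#11"),
                     ("summer2016", "Summer2017"),
                     ("password", "passw0rd"),
                     ("tarheels#1", "kN7!vQ2#pLm9xZ")]:
        print(f"{old!r} -> {new!r}: {validate_password_change(old, new) or 'ok'}")
```

The edit-distance threshold and the minimum length are policy knobs; the point of the check is that a password-change prompt stops rewarding the exact behaviour the research observed.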

“UNC researchers said if people have to change their passwords every 90 days, they tend to use a pattern, and they do what we call a transformation,” Cranor said, according to Ars Technica. “They take their old passwords, they change it in some small way, and they come up with a new password.”

Cranor is citing UNC research from 2010 that looked at a dataset of 7700 accounts whose owners were required to change their passwords regularly.

Security expert Bruce Schneier agrees. “I’ve been saying for years that it’s bad security advice, that it encourages poor passwords,” he wrote on Friday.

That doesn’t mean it’s never a good idea to change your password. If your password is part of a major breach, like the one that struck LinkedIn, and you reuse it on other sites (which you shouldn’t), then of course you should change it.

The best practices for picking a secure password change from time to time, and I’m not a security expert. Generally, you want your password to be long and random. Schneier has good advice here, and this webcomic suggests an easy-to-remember system.


Source: Author KIF LESWING, BUSINESS INSIDER | This story originally appeared on Business Insider | Top Photo: Passwords by Christiaan Colen, Image Credit: Christiaan Colen/Flickr | Published – venturebeat.com

