




Best Passwords - Long, Easy to Remember Phrases

August 8, 2017

by Howard Haykin


Forget about UPPER CASE LETTERS, 123456789 and !@#$%^&*(). And don't bother changing your passwords every 3 months.


That’s because Bill Burr, the former National Institute of Standards and Technology (NIST) manager who convinced the world 14 years ago to adopt new methodologies for creating strong passwords, realized that his rules did little for security. So, as The WSJournal puts it, “N3v$r M1^d!”


In an interview with The WSJournal (subscription required), Mr. Burr expressed his regrets for giving that advice. Not that his advice was flawed. It’s just that such advice was way too complicated for the everyday computer user, who typically ended up creating passwords that hackers and computer algorithms could readily predict. [However, in deference to Mr. Burr, his advice did hold up for more than 10 years – which, in this era of advancing technology, is a lifetime.]


Say, for example, a person devised a seemingly secure password - “N3wY0rk123!” Yet, it is inherently weak because it was created with the exact same technique that most people tend to use when creating such digital combo passwords. And, when it came time to change passwords, people would compound the problem by switching to something like “N3wY0rk456!”


Going forward, NIST has done away with the old advice and is now suggesting that people use long, easy-to-remember phrases. [See NIST Special Publication 800-63-3: “Digital Identity Guidelines”] And, as far as changing passwords, it's suggested that users do so ONLY if there's a sign their passwords may have been stolen.
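
Why “N3wY0rk123!” and its replacement “N3wY0rk456!” are predictable can be shown with a small check that a password-change form could run. This is an added example, not code from the article or from NIST; the substitution map, the word list and the function names are assumptions made for illustration.

```python
import re

# Reverse map for common look-alike substitutions (constructed, not exhaustive).
UNLEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a",
                        "5": "s", "7": "t", "@": "a", "$": "s"})

# Tiny constructed stand-in for a real dictionary or breached-password list.
COMMON_STEMS = {"newyork", "password", "welcome", "summer"}


def stem(password: str) -> str:
    """Reduce a password to the base word its decorations were built on."""
    # Drop the trailing run of digits and symbols ("123!", "456!", "2017").
    core = re.sub(r"[\d\W_]+$", "", password)
    if not core:
        # Nothing but digits/symbols: there is no base word to recover.
        return password
    # Undo look-alike substitutions; ignore case and internal spaces.
    return core.lower().translate(UNLEET).replace(" ", "")


def is_predictable(password: str) -> bool:
    """True when the password is just a decorated common word."""
    return stem(password) in COMMON_STEMS


def is_trivial_rotation(old: str, new: str) -> bool:
    """True when a password change kept the same base word."""
    return stem(old) == stem(new)


if __name__ == "__main__":
    samples = ("N3wY0rk123!", "N3wY0rk456!", "my dog eats purple socks at noon")
    for pw in samples:
        print(f"{pw!r}: stem={stem(pw)!r} predictable={is_predictable(pw)}")
    print("rotation:", is_trivial_rotation("N3wY0rk123!", "N3wY0rk456!"))
```

Both article passwords reduce to the same base word, so the forced change added nothing, while the long phrase (constructed here) matches no common stem.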