The man who wrote the book on password management has a confession to make: He blew it.
Back in 2003, as a midlevel manager at the National Institute of Standards and Technology, Bill Burr was the author of “NIST Special Publication 800-63. Appendix A.” The 8-page primer advised people to protect their accounts by inventing awkward new words rife with obscure characters, capital letters and numbers—and to change them regularly.
The problem is the advice ended up largely incorrect, Mr. Burr says. Change your password every 90 days? Most people make minor changes that are easy to guess, he laments. Changing Pa55word!1 to Pa55word!2 doesn’t keep the hackers at bay.
The Man Who Wrote Those Password Rules Has a New Tip: N3v$r M1^d!
There’s a lot of misinformation about security online. The truth is that by taking a few simple steps you can make yourself much safer. Here are the basic, super easy ways to do it:
Use a unique Password, but don’t worry too much about complexity
Conventional wisdom says that if you use a long password with crazy letters, numbers, and symbols, your account is safe. The fact is, a password like “annexrubykneadtone” is just as secure as “J+e}F*b>J*S;36fSvbSLX)R}” as long as it’s unique. When a hacker is trying to break into your account, the first thing they’ll probably do is search through previous database dumps for your email address. If you’re using the same password across multiple services, a hacker who finds it can access many of your accounts.
Use two-factor authentication whenever possible
Two-factor authentication has made the internet much more secure. Generally, two-factor authentication requires that you enter a code generated by an app on your phone or sent to you via text message, in addition to your account password. It ensures that even if a hacker has your password, they can’t get into your account. You should use two-factor authentication on everything you can, from your bank account to your social media accounts to your email. Sure, it can sometimes be a pain in the ass, but it is so worth it.
Use an ad blocker
Ads are known to spread malware. For that reason alone, you should block all of them. Seriously! I say this as someone whose rent is, in part, paid by ad revenue. With ads, there is no upside when it comes to your security online.
Three Easy Tricks to Improve Your Online Security