This guest article has been contributed by Anjali Rani.
“Password must contain one uppercase letter”
“Password must contain one numeric character”
“Password must contain one special character”
If you are a user of internet services like net banking, e-commerce or social media, you must be familiar with the statements above. This set of rules is meant to make our passwords strong and thus our information more secure online. The National Institute for Standards and Technology (NIST) suggested scrapping this method of constructing our passwords, and in this article we discuss why.
It’s Grueling To Remember Complicated Passwords
Very often, following these rules leaves us with a password which we can hardly remember. We settle for any combination which gets accepted after a number of unsuccessful attempts.
For example, consider this password: #A$k!21
Most of us will not really be able to retain this in our minds. Well, one solution is to use a password manager. Password managers store your login information for all the websites you use and encrypt the password database with a master password – the master password is the only one you have to remember. You can read more about using password managers in this post by How-To Geek.
Are These Passwords Really Secure, Though?
The rules which are supposed to make our passwords strong are the same ones which may make a hacker’s job easy. Such constraints filter out combinations which the hacker would otherwise have had to try. This in turn aids the development of guessing algorithms, which now have to try fewer character combinations before finding the correct one and obtaining access to your information.
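To put a number on how much of the search space composition rules exclude, the following added example (not part of the original article) counts the passwords that satisfy the three rules quoted at the top, using inclusion-exclusion. The 94-character printable ASCII alphabet, the split into four classes and the length of 7 (the length of the sample password above) are assumptions of this example.

```python
from itertools import combinations
from math import log2

# Assumed character classes for printable ASCII passwords. The 32 "special"
# characters are the printable ASCII punctuation marks (an assumption here;
# real sites often accept a smaller set).
CLASS_SIZES = {"lower": 26, "upper": 26, "digit": 10, "special": 32}


def keyspace(length, required=(), sizes=CLASS_SIZES):
    """Count passwords of `length` that contain at least one character
    from every class named in `required`, by inclusion-exclusion."""
    alphabet = sum(sizes.values())
    total = 0
    for k in range(len(required) + 1):
        # Every way of leaving out k of the required classes entirely.
        for missing in combinations(required, k):
            remaining = alphabet - sum(sizes[c] for c in missing)
            total += (-1) ** k * remaining ** length
    return total


def rule_impact(length, required, sizes=CLASS_SIZES):
    """Compare the unrestricted keyspace with the rule-compliant one."""
    free = keyspace(length, (), sizes)
    ruled = keyspace(length, required, sizes)
    return {
        "unrestricted": free,
        "with_rules": ruled,
        # Share of all candidate passwords the rules forbid outright.
        "excluded_fraction": 1 - ruled / free,
        # Reduction in brute-force work, expressed in bits.
        "bits_lost": log2(free) - log2(ruled),
    }


if __name__ == "__main__":
    rules = ("upper", "digit", "special")
    for n in (7, 8, 12, 16):
        r = rule_impact(n, rules)
        print(f"length {n:2d}: {r['excluded_fraction']:.1%} of candidates "
              f"excluded, {r['bits_lost']:.2f} bits lost")
```

Running it for several lengths shows the excluded share shrinking as passwords get longer, which is why length matters more than composition.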
New Guidelines From The US Federal Government
The U.S. Federal government has pushed out new guidelines to secure passwords via the National Institute for Standards and Technology. The NIST is a non-regulatory agency of the United States Department of Commerce. The new guidelines suggest that there should be “no composition rules” and that passwords should be “easy to remember” but “hard to guess.”
There Aren’t Many Signs Of Implementation Of The New Guidelines
The new ideology being proposed by the NIST does sound like a relief, but it is not really coming to fruition anytime soon. With the government shutdown currently underway in the United States, according to Wikipedia, “the current interpretation of the Antideficiency Act requires that the federal government (to) begin a ‘shutdown’ of the affected activities involving the furlough of non-essential personnel and curtailment of agency activities and services.”
So What Happens To The New Guidelines?
What this essentially means is that government funding to these agencies has been frozen, forcing a shutdown of all activity, as is reflected on their official website right now. So until the situation is normalized, it’s best to stick to the existing rules for creating safe passwords and hope better policies are implemented in the near future.