This is good news:
The man who wrote the book on password management has a confession to make: He blew it.
Back in 2003, as a midlevel manager at the National Institute of Standards and Technology, Bill Burr was the author of “NIST Special Publication 800-63. Appendix A.” The 8-page primer advised people to protect their accounts by inventing awkward new words rife with obscure characters, capital letters and numbers—and to change them regularly.***
The new guidelines, which are already filtering through to the wider world, drop the password-expiration advice and the requirement for special characters, Mr. Grassi said. Those rules did little for security—they “actually had a negative impact on usability,” he said.
Long, easy-to-remember phrases now get the nod over crazy characters, and users should be forced to change passwords only if there is a sign they may have been stolen, says NIST, the federal agency that helps set industrial standards in the U.S.
That’s nice to know.