{"id":1981,"date":"2017-08-24T09:21:23","date_gmt":"2017-08-24T09:21:23","guid":{"rendered":"https:\/\/davidpapkin.net\/?p=1981"},"modified":"2017-08-24T09:21:23","modified_gmt":"2017-08-24T09:21:23","slug":"current-password-management-best-practices-obsolete-david-papkin","status":"publish","type":"post","link":"https:\/\/davidpapkin.com\/?p=1981","title":{"rendered":"Current password management best practices are obsolete by David Papkin"},"content":{"rendered":"<h4>This post by David Papkin is about current password management rules being obsolete<\/h4>\n<h4 class=\"wsj-article-headline\"><strong>The Man Who Wrote Those Password Rules Has a New Tip: N3v$r M1^d!<\/strong><\/h4>\n<p>The man who wrote the book on password management has a confession to make: He blew it.<\/p>\n<p>Back in 2003, as a midlevel manager at the National Institute of Standards and Technology, Bill Burr was the author of \u201cNIST Special Publication 800-63. Appendix A.\u201d The 8-page primer advised people to protect their accounts by inventing awkward new words rife with obscure characters, capital letters and numbers\u2014and to change them regularly.<\/p>\n<div class=\"media-object twocolumn scope-web|mobileapps twocolumn\" data-layout=\"twocolumn \" data-layout-mobile=\"\">\n<div class=\"media-object-image enlarge-image renoImageFormat-G img-twocolumn\">\n<div class=\"image-container responsive-media loaded\" data-mobile-ratio=\"156.2827%\" data-layout-ratio=\"156.2827%\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone\" src=\"https:\/\/si.wsj.net\/public\/resources\/images\/HC-GV293_Drawin_G_20170807083027.jpg\" alt=\"David Papkin\" width=\"382\" height=\"597\" data-intent=\"\" data-in-base-src=\"https:\/\/si.wsj.net\/public\/resources\/images\/HC-GV293_Drawin_G_20170807083027.jpg\" data-in-at4units-src=\"https:\/\/si.wsj.net\/public\/resources\/images\/HC-GV293_Drawin_G_20170807083027.jpg\" 
data-enlarge=\"https:\/\/si.wsj.net\/public\/resources\/images\/HC-GV293_Drawin_G_20170807083027.jpg\" \/><\/div>\n<\/div>\n<\/div>\n<p>The document became a sort of Hammurabi Code of passwords, the go-to guide for federal agencies, universities and large companies looking for a set of password-setting rules to follow.<\/p>\n<p>The problem is the advice ended up largely incorrect, Mr. Burr says. Change your password every 90 days? Most people make minor changes that are easy to guess, he laments. Changing Pa55word!1 to Pa55word!2 doesn\u2019t keep the hackers at bay.<\/p>\n<p>Also off the mark: demanding a letter, number, uppercase letter and special character such as an exclamation point or question mark\u2014a finger-twisting requirement.<\/p>\n<p>\u201cMuch of what I did I now regret,\u201d said Mr. Burr, 72 years old, who is now retired.<\/p>\n<p>In June, Special Publication 800-63 got a thorough rewrite, jettisoning the worst of these password commandments. Paul Grassi, an NIST standards-and-technology adviser who led the two-year-long do-over, said the group thought at the outset the document would require only a light edit.<\/p>\n<p>\u201cWe ended up starting from scratch,\u201d Mr. 
Grassi said.<\/p>\n<p><a href=\"https:\/\/www.wsj.com\/articles\/the-man-who-wrote-those-password-rules-has-a-new-tip-n3v-r-m1-d-1502124118?_lrsc=be175344-5232-4f99-9334-733c80f04f11\">See the rest of the article here.<\/a><\/p>\n<p>This concludes this post by David Papkin<\/p>\n<p><a href=\"http:\/\/davidpapkin.org\">http:\/\/davidpapkin.org<\/a><\/p>\n<p><strong>David Papkin's favorite movies<\/strong><\/p>\n<p><a href=\"https:\/\/en.wikipedia.org\/wiki\/GoodFellas\">Robert De Niro in GoodFellas<\/a><\/p>\n<p><a href=\"https:\/\/en.wikipedia.org\/wiki\/Singapore_(1947_film)\">Ava Gardner in Singapore (Film Noir)<\/a><\/p>\n<p><a href=\"https:\/\/en.wikipedia.org\/wiki\/China_Seas_(film)\">Clark Gable in China Seas<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>This post by David Papkin is about current password management rules being obsolete The Man Who Wrote Those Password Rules Has a New Tip: N3v$r M1^d! The man who wrote the book on password management has a confession to&hellip; 
<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3,4,11],"tags":[56,67,70,128,139,146],"class_list":["post-1981","post","type-post","status-publish","format-standard","hentry","category-computers","category-david-papkin","category-security","tag-clarkegable","tag-david-papkin","tag-davidpapkin","tag-password","tag-security","tag-singapore"],"_links":{"self":[{"href":"https:\/\/davidpapkin.com\/index.php?rest_route=\/wp\/v2\/posts\/1981","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/davidpapkin.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/davidpapkin.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/davidpapkin.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/davidpapkin.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=1981"}],"version-history":[{"count":0,"href":"https:\/\/davidpapkin.com\/index.php?rest_route=\/wp\/v2\/posts\/1981\/revisions"}],"wp:attachment":[{"href":"https:\/\/davidpapkin.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=1981"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/davidpapkin.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=1981"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/davidpapkin.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=1981"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}