We’ve been right all along – multi-word passwords are best!

We were pretty delighted to be listening to the news on the radio and hear that new password guidance is out that tells us that multi-word passwords are much better than hard-to-remember “complex” passwords. We’ve been advising users to choose long passwords made of multiple words, separated by spaces. Examples would be “its been a hard days night” or “springtime in the woods for flowers”. Maybe even “long multi-word passwords are better”! This is as opposed to suggestions like “*j^%rDqjB” and the insistence that you change passwords every 60 days. We’re not saying “I told you so…” but…

Here’s a link to the NIST Draft

In case you need some help falling asleep at your keyboard, you can read the proposed guidelines from the National Institute of Standards and Technology at https://pages.nist.gov/800-63-3/sp800-63b.html

Briefly, the new suggestions recognize that length does more to make a password hard to guess or crack than those difficult characters do. And making it a set of words that are easy for you to remember but hard to guess makes it a great password. We’ve been advocating this for some time, after we noticed other researchers arriving at this conclusion. It makes sense, too. The space character is a special character. And if people can use a long phrase that is easy to remember, we hope to get fewer people using “password” or “p@ssw0rd” as their passwords. Both of those made the 25 most-commonly-used passwords list.
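
A verifier-side check in the spirit of the guidance above, as an added example that is not part of the original post or the NIST text: it enforces length and a common-password blocklist with no composition rules, and estimates brute-force cost to show why the long phrase wins. The 8-character minimum is from SP 800-63B; the 64-character cap, the blocklist entries and the function names are assumptions made for this example.

```python
import math
import string
import unicodedata

MIN_LEN = 8   # SP 800-63B minimum length for a user-chosen password
MAX_LEN = 64  # assumed cap for this example; verifiers should allow at least 64

# Constructed sample; a production blocklist holds many thousands of entries.
COMMON_PASSWORDS = {"password", "p@ssw0rd", "123456", "qwerty", "letmein"}


def check_password(candidate):
    """Return (accepted, reason). Length and blocklist only, no composition rules."""
    pw = unicodedata.normalize("NFKC", candidate)  # stable form for Unicode input
    if len(pw) < MIN_LEN:
        return False, "too short"
    if len(pw) > MAX_LEN:
        return False, "too long"
    if pw.casefold() in COMMON_PASSWORDS:
        return False, "commonly used"
    return True, "ok"  # spaces and every other character are accepted as-is


def brute_force_bits(pw):
    """Upper bound on exhaustive-search cost: length * log2(alphabet in use).

    Only ASCII classes are counted. A phrase taken from a song or book is
    guessable far below this bound, so treat it as a ceiling, not a score.
    """
    alphabet = 0
    if any(c.islower() for c in pw):
        alphabet += 26
    if any(c.isupper() for c in pw):
        alphabet += 26
    if any(c.isdigit() for c in pw):
        alphabet += 10
    if " " in pw:
        alphabet += 1
    if any(c in string.punctuation for c in pw):
        alphabet += 32
    return len(pw) * math.log2(alphabet) if alphabet else 0.0


if __name__ == "__main__":
    for sample in ("its been a hard days night", "*j^%rDqjB", "P@ssw0rd", "hunter2"):
        print(repr(sample), check_password(sample), round(brute_force_bits(sample), 1))
```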