New Guidelines on Passwords


You know all that advice about making hard passwords? They must include at least one number and special character. You know how we’re told to change the password frequently and to never use the same one for different things?

Well, there are new guidelines that basically say to forget what you’ve been told. So, thanks to the National Institute of Standards and Technology, managing your passwords is about to get easier!

Paul Grassi, senior standards and technology adviser at NIST, told NPR, “The traditional guidance is actually producing passwords that are easy for bad guys and hard for legitimate users.”

Here are some highlights on the new guidelines:

  • Keep passwords simple, long and memorable.
  • Use phrases, lowercase letters and typical English words.
  • There’s no need for special characters or a mix of upper and lowercase letters.
  • There’s no need for your password to expire.

That’s it! Easy peasy! You can read the full report here: NIST Special Publication 800-63B

You can also hear (and read) the full interview with Paul Grassi on NPR’s All Things Considered.
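
The highlights above, written as a check a sign-up form could run next to the traditional rules. This is an added example, not code from NIST or from the original post. The 8-character minimum and the comparison against a blocklist of common passwords come from SP 800-63B rather than from this page, and the function names, blocklist entries and sample passwords are constructed.

```python
import re

# Constructed sample blocklist; a real verifier would load a large list of
# commonly used and previously breached passwords.
COMMON_PASSWORDS = {"password1!", "p@ssw0rd1", "qwerty123!", "welcome2024!"}
MIN_LENGTH = 8  # assumption: minimum from SP 800-63B, not stated on this page


def legacy_policy(password):
    """Traditional composition rules; returns a list of rejection reasons."""
    problems = []
    if len(password) < 8:
        problems.append("too short")
    if not (re.search(r"[a-z]", password) and re.search(r"[A-Z]", password)):
        problems.append("needs upper and lowercase letters")
    if not re.search(r"\d", password):
        problems.append("needs a number")
    if not re.search(r"[^A-Za-z0-9\s]", password):
        problems.append("needs a special character")
    return problems


def length_first_policy(password):
    """Length plus blocklist only: no composition rules, spaces allowed."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("too short")
    # Case-insensitive match so "P@ssw0rd1" cannot dodge the blocklist.
    if password.lower() in COMMON_PASSWORDS:
        problems.append("commonly used or breached password")
    return problems


def compare(passwords):
    """Map each password to (legacy reasons, length-first reasons)."""
    return {p: (legacy_policy(p), length_first_policy(p)) for p in passwords}


if __name__ == "__main__":
    # Constructed sample inputs.
    samples = ["P@ssw0rd1", "purple otters juggle quietly", "Tr1cky!"]
    for pw, (old, new) in compare(samples).items():
        print(f"{pw!r}: legacy={old or 'accepted'} length-first={new or 'accepted'}")
```

The predictable "P@ssw0rd1" satisfies every traditional rule yet is rejected by the blocklist, while the long lowercase phrase fails the traditional rules and is accepted by the length-first check.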