New password guidelines: suggests everything we know about passwords is wrong

NIST declare new password guidelines

If you are like me tired of remembering complicated alphanumeric passwords then I have a good news for you. NIST announced new guidelines for passwords.

New password guidelines from the NIST(National Institute of Standards and Technology) suggest the way we have been making passwords is not as secure as we think. The password guidelines we are using today are the suggestions of Bill Burr in the year of 2003.

There are lots of websites or apps we use daily, it’s hard to remember a different complicated password for each of them. It’s not a wonder that’s  why so many people each year suffer from document loss, account hack etc. It’s not only about us that we are not using secure passwords. But at the same time due to high-end processors coming each day, hackers are getting more computing power for cracking passwords.

Since 2003 after applying Bill Burr guideline we learned a lot about password security. All that makes harder for people to remember new complicated passwords.  This guideline required people to change passwords in every 90 days. Most of us generally change passwords like “password@1” into “password@2” – which can be easily guessed.
The new guidelines stress longer passwords that don’t have to be so complicated and only have to change after a security breach. New guidelines suggest using longer passwords because cryptographically its harder to break long passwords than the shorter ones. Here are the requirements,
  • New password can’t be known simple dictionary words but we can use sentence using those dictionary words.
  • Passwords can not be repetitive or sequential characters (like “aaaaaa”  or “12345”).
  • Passwords should be 8 to 64 characters.
  • All ASCII and Unicode characters should be allowed in passwords, but not required. That means like now the use of alpha numeric character is not necessary.

Those guidelines have been released but that does not mean the different services that require passwords are going to start following them. It will take some to apply new guidelines. Some companies maybe follow those guidelines some won’t.

If you have any queries, opinions, suggestions, and feedback tell me in comments below👇


You May Also Like

About the Author: Anup Das

Hello, my name is Anup Das. I'm a blogger who is addicted to programming.


  1. Wow I never knew there was a body that regulates passwords. That being said having a longer password in form of a sentence can be cool. Thanks for the info

  2. Passwords protect you from online data theft. If you find it hard to remember all your passwords, you can use a password manager to keep a track all of your passwords. (^_^)

  3. Glad to hear that you find this post helpful. (^_^)
    By using different passwords for different sites will make them more secure. But you don't need to remember all of those you can use password manager.

  4. Yes, keep in mind every time you are changing your password. Personally I felt this guidelines can help me a lot because I'm not that good at remembering complicated passwords. (^_^)

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.