New password guidelines: suggests everything we know about passwords is wrong

2 min read
Share on:

If you are like me tired of remembering complicated alphanumeric passwords then I have good news for you. NIST announced new guidelines for passwords. New password guidelines from the NIST(National Institute of Standards and Technology) suggest the way we have been making passwords is not as secure as we think. The password guidelines we are using today are the suggestions of Bill Burr in the year 2003. 

There are lots of websites or apps we use daily, it’s hard to remember a different complicated password for each of them. It’s not a wonder that’s why so many people each year suffer from document loss, account hack, etc. It’s not only about us that we are not using secure passwords. But at the same time due to high-end processors coming each day, hackers are getting more computing power for cracking passwords.

Since 2003 after applying Bill Burr guideline we learned a lot about password security. All that makes it harder for people to remember new complicated passwords.  This guideline required people to change passwords every 90 days. Most of us generally change passwords like “password@1” into “password@2”, which can be easily guessed.

The new guidelines stress longer passwords that don’t have to be so complicated and only have to change after a security breach. New guidelines suggest using longer passwords because cryptographically it’s harder to break long passwords than shorter ones. Here are the requirements,  

  • A new password can’t be known simple dictionary words but we can use sentences using those dictionary words.  
  • Passwords can not be repetitive or sequential characters (like “aaaaaa”  or “12345”).
  • Passwords should be 8 to 64 characters.
  • All ASCII and Unicode characters should be allowed in passwords, but not required. That means like now the use of alphanumeric characters is not necessary.  

  Those guidelines have been released but that does not mean the different services that require passwords are going to start following them. It will take some to apply new guidelines. Some companies may follow those guidelines some won’t.

If you have any queries, opinions, suggestions, and feedback tell me in the comments below👇You may also like this


Anup Das

I'm obsessed with python and write articles about python tutorials for Django, Data Science, and Automation.

26 thoughts on “New password guidelines: suggests everything we know about passwords is wrong”

  1. Wow I never knew there was a body that regulates passwords. That being said having a longer password in form of a sentence can be cool. Thanks for the info

  2. Oh my word, did not know there was a regulating body for this. It just gets harder every day, passwords everywhere, such a mission to remember all of them

  3. Passwords protect you from online data theft. If you find it hard to remember all your passwords, you can use a password manager to keep a track all of your passwords. (^_^)

  4. Glad to hear that you find this post helpful. (^_^)
    By using different passwords for different sites will make them more secure. But you don't need to remember all of those you can use password manager.

  5. Yes, keep in mind every time you are changing your password. Personally I felt this guidelines can help me a lot because I'm not that good at remembering complicated passwords. (^_^)

Comments are closed.