That's right. Toss 'em!
Bill Burr, the analyst who conceived the original password guidelines for the National Institute of Standards and Technology (NIST), has expressed his regrets he ever spelled out using complex passwords with letters, numbers, and special characters, and changing them every 90 days.
It just drives people bananas and they don’t pick good passwords no matter what you do,
he reported in a recent Wall Street Journal article.
The new advice? Use a string of words that's easier to remember, and don't worry so much about changing them every 90 days. The total length of the password makes them more secure.
Of course, it's still a bad idea to use the same password in multiple locations, so you'll need a lot of different combinations of words. Therefore, it's still advisable to use a secured password database like KeePass or Dashlane to store them all.
In addition, it still makes sense to use another secure layer for accounts which would have a high impact should they be breached. Two Factor Authentication (2FA), in which a unique code is transmitted to your phone, or using a special encrypted device for this purpose, is advised.
Summing Up:
- Use a combination of words
- Store passwords in an encrypted database with excellent master password
- Sprinkle in a few non-alphabetic characters
- Use Two Factor Authentication for added security
bottle*score-high;brittle