Malartu

Everyone makes mistakes

Emailed on November 22nd, 2019 in The Friday Forward

You know when you set a new password and the application requires you to include some variation of: x characters, a special character, and an uppercase letter?

That is totally useless, and the guy who invented that rule deeply regrets it.

The man in question is Bill Burr, a former manager at the National Institute of Standards and Technology (NIST). In 2003, Burr drafted an eight-page guide on how to create secure passwords, creatively called the “NIST Special Publication 800-63. Appendix A.” This became the document that would go on to more or less dictate password requirements on everything from email accounts to login pages to your online banking portal. All those rules about using uppercase letters and special characters and numbers? Those are all because of Bill.

The only problem is that Bill Burr didn’t really know much about how passwords worked back in 2003, when he wrote the manual. He certainly wasn’t a security expert. And now the retired 72-year-old bureaucrat wants to apologize. 

“Much of what I did I now regret,” Bill Burr told The Wall Street Journal.

So what's the deal? A shorter password with wacky characters is much easier to crack than a long string of easy-to-remember words. In fact, four simple words create a passphrase that would take a computer 550 years to guess, while a nonsensical string of random characters would take approximately three days.

So next time you're typing your first pet's name with a $ instead of an "s", you can thank Bill for that.

