Sci-Tech

Cyber security: 'Use passphrase not password'

Guru advises people to use long but easy-to-remember phrases

10 August 2017 - 06:34 By JAMES TITCOMB
subscribe Just R20 for the first month. Support independent journalism by subscribing to our digital news package.
Subscribe now
Image: Thinkstock

The complicated and easily forgotten password filled with random numbers and symbols is the bane of many office workers' lives.

And now the technology guru who came up with the rules on safeguarding personal information 14 years ago has admitted that his guidance was wrong. Bill Burr wrote what has become the "bible" on password security in 2003 while working for the US government.

It advised using capital letters, numbers and non-alphabetic symbols in passwords, in the belief they would be difficult to uncover.

While legislation is in the pipeline‚ South Africans remain unprotected from cycbercrime

South Africa's approach to protecting its cyberspace has ranked 58th out of 165 countries in the world.
News
6 years ago

His advice has been widely adopted by internet security companies and IT departments. It is responsible for tortuous phrases such as "P@55w0rd" or "Football123" to satisfy password forms, as well as workers having to create a new phrase every 90 days.

But computer experts say instead of improving security, the combinations make systems less secure. Complex passwords are difficult to remember and users end up using the same one repeatedly on different websites, or writing them down on Post-it notes.

The introduction of numbers and symbols also fails to make passwords any less vulnerable to hackers. So-called "brute force" cyber attacks, in which a computer program cycles through every possible combination of characters to guess a password, are not slowed down by numbers or capital letters, but depend on how long a phrase is.

"Much of what I did I now regret," Burr, who is now retired, told the Wall Street Journal. "In the end, it was probably too complicated for a lot of folks to understand well and, the truth is, it was barking up the wrong tree."

'I thought it only happened to the Guptas': celebs terrorised by hackers

Some of Mzansi's biggest radio stars including Kuli Roberts, Mo-G and Dineo Ranaka, have been hit by a cyber-attack that has left their social media ...
TshisaLIVE
6 years ago

He said the advice to regularly change passwords was mistaken. Requiring somebody to add a number and a capital letter to their password does not stop people using bad passwords such as a pet's name, but would simply mean that "fido" would become "Fido1''.

Burr's guidelines have recently been updated. They now advise that people use long but easy-to-remember "passphrases". Using "horsecarrotsaddlestable" would take one trillion years for a "botnet" cyber attack to crack, in contrast to a minute for "P@55w0rd".

- The Daily Telegraph

subscribe Just R20 for the first month. Support independent journalism by subscribing to our digital news package.
Subscribe now

Most read

  1. Lottery winner can travel abroad to meet grandchild for the first time South Africa
  2. Ten years in jail for celebrity chef who defrauded Sars of R3.1m South Africa
  3. Sello’s PhD from bogus college, Nzimande confirms South Africa
  4. Tembisa Hospital's suspended boss Ashley Mthunzi dies South Africa
  5. Senzo Meyiwa murder investigation 'disjointed and fragmented': defence lawyer South Africa

Latest Videos

Mikel Arteta salutes ‘unbelievable’ Kai Havertz after another impressive display
2 Malaysian military helicopters collide and crash while training, killing all ...