From an editorial Friday in The Dallas Morning News:
So now you tell us.
In 2003, Bill Burr wrote the rules for password security for the U.S. National Institute of Standards and Technology, urging computer users to change passwords every 90 days and create such intricate passwords that even the world’s fastest supercomputer would overheat trying to decipher them.
Burr, however, recently confessed to The Wall Street Journal that this digital keyboard dance has caused endless frustration among us, the computer-using masses, in the name of online security. He is among a chorus of security experts who now say that a simple natural language sentence, for example, “It is a lovely day in Spain,” is a better password than the tortured, numbers-letters-and-wingdings combinations we are all burdened with remembering. “The truth is, it was barking up the wrong tree,” he says.
Well, what do you know?
Unfortunately, his mea culpa comes a bit too late for us. We’ve wasted years of our lives changing passwords, not because we’re security freaks, but mostly because we can’t remember those impossible combinations of numbers, upper and lower case letters, special characters and symbols.
Password security is important, given the many high-profile corporate and social media hacks of supposedly secure computer networks. Experts believe passwords as we know them will eventually fully give way to biometrics like fingerprint sensors and face recognition technologies found on some smartphones. And who knows after that?
We can’t wait to see it happen. And soon.