“Secure password” rules may not be the best option

You probably already know that passwords like "123456" or "Test123" should never be used, because they are among the first guesses any attacker tries.

To discourage weak passwords, websites have become increasingly strict in their password rules, often requiring at least 10 or 12 characters with a mix of upper- and lower-case letters, numbers and symbols. This forces users to create complex passwords that are hard to memorize, which in practice pushes them toward predictable tricks (a capital first letter, a digit or "!" at the end) or toward writing the password down and reusing it.

These "secure password" recommendations were written in 2003 by Bill Burr, then at the U.S. National Institute of Standards and Technology (NIST). They are still followed today by password validators on websites and by the internal guidelines many organizations use to define what a secure password is.

However, in a recent revision of its password security guidelines, NIST changed most of those recommendations: the 2017 revision (SP 800-63B) drops mandatory composition rules and periodic forced password changes, asks systems to allow long passphrases, and requires new passwords to be checked against lists of known breached or commonly used passwords. In an interview with the Wall Street Journal, Bill Burr himself expressed regret for much of his original advice: "now I regret much of what I did." He also admitted that the 2003 guidelines were based on a document written in the 1980s, when the internet was still in its infancy and computers did not have the processing power they have today for cracking passwords.

It turns out that simply replacing letters with numbers or symbols does not give a password real strength. For example, even after changing "Pedrinho" to "p3dr1nh0" or "lurdinha" to "lurd1nh@", the passwords are easily recovered: password-cracking tools do not brute-force every possible string, they take a dictionary of common words and names and apply substitution rules ("a" to "4" or "@", "e" to "3", "i" to "1", "o" to "0") to every entry, so the "leet" variants of a word cost the attacker only a handful of extra guesses per word. The arithmetic of entropy shows that a long password made of several easy-to-remember words is much harder to break than a short password made of mixed letters, numbers and symbols, because strength grows with length and unpredictability, not with the number of character classes.

The image below, from the XKCD website (comic 936, "Password Strength"), illustrates this: the password "Tr0ub4dor&3" (a dictionary word with the usual substitutions, a digit and a symbol) can be broken in about 3 days, while the passphrase "correct horse battery staple", four words with no logical connection between them, would take about 550 years. Two caveats matter in practice: both figures assume an online attack at 1,000 guesses per second, and an attacker cracking a stolen password-hash database offline with GPUs can try billions of guesses per second, which shrinks both times dramatically and makes length even more important; and "correct horse battery staple" itself is now in every wordlist, so the words have to be genuinely random, not this example.

[Image: XKCD "Password Strength" comic comparing "Tr0ub4dor&3" with "correct horse battery staple"]

Therefore, satisfying the rules enforced by websites and password validators does not guarantee that your passwords are secure. A password such as "g84mv@8k" is difficult to memorize, and a passphrase built from unrelated words, starting from something like "cloud-stressed", is easier to remember and becomes stronger than the short random string with each additional word; four or more randomly chosen words, as in the XKCD example, is the practical recommendation, while a single word with substitutions is never enough.
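The following worked example, added here and not part of the original article, makes the two points above concrete: it shows how a cracker's substitution rules recover "p3dr1nh0" and "lurd1nh@" from a plain wordlist, and it reproduces the XKCD entropy arithmetic (3 days versus 550 years at 1,000 guesses per second) and then re-runs it at an offline GPU rate. The substitution table, the tiny wordlist and the guess rates are assumptions chosen for illustration; the 2,048-word dictionary is the one the XKCD comic assumes, and 7,776 words is the size of a standard Diceware list.

```python
import itertools
import math

# Substitution ("leet") rules a password cracker applies to every wordlist
# entry. Constructed for illustration; real rule files are far larger.
LEET = {"a": "4@", "e": "3", "i": "1!", "o": "0", "s": "5$", "t": "7"}

# Constructed sample wordlist (assumption); a real attack uses millions of
# names and words from breach dumps.
SAMPLE_WORDLIST = ["maria", "pedrinho", "lurdinha", "joao", "futebol"]


def leet_variants(word):
    """All strings obtainable from `word` by applying any combination of the
    LEET substitutions, the unchanged (lower-cased) word included."""
    choices = [(c,) + tuple(LEET.get(c, "")) for c in word.lower()]
    return {"".join(p) for p in itertools.product(*choices)}


def matches_wordlist(password, wordlist):
    """Return the base word if `password` is a leet variant of a wordlist
    entry, else None. This is what a rule-based dictionary attack does: it
    never has to search the whole character keyspace."""
    target = password.lower()
    for word in wordlist:
        if target in leet_variants(word):
            return word
    return None


def bits_random_chars(length, alphabet_size):
    """Entropy of `length` characters drawn uniformly from `alphabet_size`."""
    return length * math.log2(alphabet_size)


def bits_passphrase(num_words, dictionary_size):
    """Entropy of `num_words` words drawn uniformly from a dictionary."""
    return num_words * math.log2(dictionary_size)


def bits_leet_word(word, wordlist_size):
    """Search space for 'dictionary word + substitutions': pick the word,
    then pick which substitutions were applied."""
    return math.log2(wordlist_size) + math.log2(len(leet_variants(word)))


def crack_time_seconds(bits, guesses_per_second):
    """Time to exhaust a space of 2**bits guesses at the given rate (the
    convention the XKCD comic uses)."""
    return 2 ** bits / guesses_per_second


def describe(seconds):
    """Human-readable duration."""
    if seconds < 60:
        return f"{seconds:.2f} seconds"
    if seconds < 86400:
        return f"{seconds / 3600:.1f} hours"
    if seconds < 86400 * 365:
        return f"{seconds / 86400:.1f} days"
    return f"{seconds / (86400 * 365):.0f} years"


if __name__ == "__main__":
    # 1. Substitutions do not hide a dictionary word from a rule-based attack.
    for pw in ["p3dr1nh0", "lurd1nh@", "g84mv@8k"]:
        print(f"{pw:10s} -> base word: {matches_wordlist(pw, SAMPLE_WORDLIST)}")
    print(f"'pedrinho' has only {len(leet_variants('pedrinho'))} leet variants")

    # 2. Entropy arithmetic, at XKCD's online rate and at an offline GPU rate
    #    (rates are assumptions; a GPU rig against a fast hash is in this range).
    ONLINE, OFFLINE = 1_000, 10_000_000_000
    cases = [
        ("Tr0ub4dor&3 (XKCD estimate)", 28),
        ("4 words, 2048-word list (XKCD)", bits_passphrase(4, 2048)),
        ("8 random chars, 94 symbols (g84mv@8k)", bits_random_chars(8, 94)),
        ("4 words, 7776-word Diceware list", bits_passphrase(4, 7776)),
        ("5 words, 7776-word Diceware list", bits_passphrase(5, 7776)),
    ]
    for name, bits in cases:
        print(f"{name:40s} {bits:5.1f} bits  "
              f"online: {describe(crack_time_seconds(bits, ONLINE)):>12s}  "
              f"offline: {describe(crack_time_seconds(bits, OFFLINE)):>12s}")
```

Running the script shows "p3dr1nh0" and "lurd1nh@" mapped straight back to their base words, while the random string matches nothing. The table reproduces the comic's 3 days and roughly 550 years at 1,000 guesses per second, but at an offline rate the 44-bit passphrase falls in under half an hour, and an 8-character random password (about 52 bits) is only as strong as four Diceware words; the fifth word is what puts a memorable passphrase clearly ahead, which is why the advice is "more words", not "more symbols".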

Weak passwords are one of the main entry points for attacks on companies, including ransomware and other malware, so it is always prudent to follow good practices when defining passwords. In the guide available for download, we list and describe a set of practices that can be followed to protect your usernames and passwords, for both personal and corporate accounts.
