The old way for creating computer passwords with uppercase letters and special characters actually makes them harder to remember and easier to crack.
How many times have you forgotten your password?
Signing into your email or your work computer and you just can’t tell if you hit the shift key for that one upper-case letter and then again to include the ampersand? As it turns out, not only does requiring you to create a password using a certain number of characters, special characters and numbers make it harder for you to remember your password, it actually makes it easier for a computer to guess it.
In a Wall Street Journal article, Bill Burr, the author of the 2003 paper “NIST Special Publication 800-63. Appendix A” (sounds absolutely thrilling) for the National Institute of Standards and Technology, explains his password rule-setting piece was wrong.
“Much of what I did I now regret,” the now-retired Burr told the Wall Street Journal.
In formulating the password treatise, Burr relied on a white paper written in the mid-1980s, well before the internet as we know become a household service. The guidelines he laid out set standards followed by government agencies, large businesses and just about every consumer-facing website that required users to set up passwords.
“In the end, it was probably too complicated for a lot of folks to understand very well, and the truth is, it was barking up the wrong tree,” he told the paper.
The better format, as it turns out, is a combination of four simple, unrelated words. Gizmodo cited a classic XKCD comic to show how the assortment of random characters and numbers is harder to remember but easier to crack than the four random simple words.
Hoteliers, check with your IT departments. Double check what you read in the linked articles. It might change how your company handles passwords for logging in to secure systems.
Data breaches are a constant threat in the hotel industry. Nearly every one we read about happened because of some type of malware installed on a point-of-sale system, usually through some type of phishing expedition.
We don’t hear too often about data breaches happening because hackers or their computers were able to guess a hotel employee’s password that was too simple. Still, that doesn’t mean we shouldn’t change the way we handle company passwords.
If hotel companies can adopt the newer recommendations for password standards, not only will it make their employees’ passwords more secure, their employees will be happier because they can actually remember what the passwords are.
Is your email password 12345, the same as your luggage combination? What password/security woes have you encountered on the job? Are you ready for a change? Let me know in the comments below or contact me at email@example.com or @HNN_Bryan.
The opinions expressed in this blog do not necessarily reflect the opinions of Hotel News Now or its parent company, STR and its affiliated companies. Bloggers published on this site are given the freedom to express views that may be controversial, but our goal is to provoke thought and constructive discussion within our reader community. Please feel free to comment or contact and editor with any questions or concerns.