Newer Cybersecurity Advice Shuns Complicated Passwords

November 4, 2019

Cybersecurity experts used to recommend adding random characters to passwords to make them stronger. However, that tactic also makes passwords harder to remember, so security advisers are now backing off that advice. Bill Burr, a former manager of the National Institute of Standards and Technology, led this change in 2017 guidance in which he started touting easy-to-remember phrases as a better password strategy.

For years, people thought swapping out letters for special characters in passwords would add an extra layer of protection against cyberattacks, Curtis Dukes, a cybersecurity expert and executive with the Center for Internet Security Inc., told USA Today. But all that really does is frustrate consumers trying to recall the password; it does little to make them any safer online, security experts say.

Newer cybersecurity advice centers on not repeating passwords from site to site and on using phrases instead of complicated strings of letters, numbers, and special symbols. Experts say you'll likely have an easier time remembering a long phrase (say, your favorite comedy). They also suggest not using default passwords and not creating multiple passwords that vary by only a few characters.

Security experts also advise turning on two-step verification. That will require you to confirm your identity before accessing your account, such as by receiving a confirmation code via text.