The Problem with Complex Passwords


For each of us, our online security depends on passwords, and, as with much of human activity, in the rush of day-to-day effort we often take shortcuts to accomplish tasks the easy way.

When it comes to password complexity, NIST has done some research revealing that forcing users to change passwords has negative and unintended consequences. The same can be said of random sets of letters, numbers, and symbols. The complexity leads to behaviors (such as copying the password down on a sticky note) that make for less secure systems.

So, the better approach is to use a phrase, or a few random words--and of course to never use the same password for different systems.

The Wall Street Journal recently published a good article on this topic. You may want to share it with friends, family members and colleagues. It offers a way forward for those folks who are change-hesitant. Instead of saying that complex passwords no longer make sense, the article suggests that the definition of complexity has changed. This is a good strategy: better passwords with a dose of change management tossed in for good measure. Complexity is now a few random words in a phrase, not a jumble of symbols and letters. Even better, think about making one of those words in a different language--the new version of adding a symbol or two.
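As an added example (not from this article or the Wall Street Journal piece), the Python below draws a passphrase with the `secrets` module and estimates how many randomly chosen words match the strength of an 8-character jumble of letters, digits and symbols. The sample word list, the 7776-word list size (the size of the Diceware list) and the 94-character set are assumptions made for the illustration.

```python
import math
import secrets
import string

# Constructed sample list for the demo only; a real list should hold thousands
# of words (the Diceware list, for instance, has 7776).
SAMPLE_WORDS = [
    "anchor", "basil", "copper", "dune", "ember", "fjord", "garnet", "harbor",
    "iris", "juniper", "kettle", "lantern", "meadow", "nickel", "orchid", "pebble",
]

def make_passphrase(words, count, sep=" "):
    """Pick `count` words independently and uniformly with the OS CSPRNG."""
    if len(set(words)) != len(words):
        raise ValueError("word list contains duplicates")
    return sep.join(secrets.choice(words) for _ in range(count))

def entropy_bits(pool_size, picks):
    """Entropy of `picks` independent uniform choices from `pool_size` options."""
    return picks * math.log2(pool_size)

def words_needed(list_size, target_bits):
    """Fewest random words whose entropy reaches `target_bits`."""
    return math.ceil(target_bits / math.log2(list_size))

def compare(list_size=7776, jumble_len=8):
    """Compare a random jumble of printable characters with a passphrase."""
    # Assumed character set: 52 letters + 10 digits + 32 symbols = 94.
    charset = len(string.ascii_letters + string.digits + string.punctuation)
    jumble = entropy_bits(charset, jumble_len)
    n = words_needed(list_size, jumble)
    return {"jumble_bits": round(jumble, 1), "words": n,
            "phrase_bits": round(entropy_bits(list_size, n), 1)}

if __name__ == "__main__":
    print(make_passphrase(SAMPLE_WORDS, 5))
    print(compare())
```

The estimate applies only to words drawn at random by the generator; a phrase a person makes up is not covered by this calculation.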

So, heed this advice to update your password behaviors. At Visionlink we've already changed our systems to support these new research-based best practices. And if you are a Wall Street Journal subscriber, click here to read more.