【TV Movie Archives】

You must use at least one uppercase letter,TV Movie Archives a symbol, and a number. Or, wait, maybe not.

According to the experts at the National Institute of Standards and Technology (NIST), some of the password-strength requirements drilled into our skulls over the years are actually not that helpful.

What's worse, they may be counterproductive.

SEE ALSO: New tool teaches you how to set stronger passwords

As such, the institute issued a new draft of security guidelines on May 11, 2017, aimed at security professionals and recommending several significant changes to the password requirements we've come to accept as a necessary part of life.

What's different? Well, for one, the experts say that forcing users to create passwords which include numbers and random characters is no longer necessary.

"[Online] services have introduced rules in an effort to increase the complexity of [passwords]," reads the draft appendix. "The most notable form of these is composition rules, which require the user to choose passwords constructed using a mix of character types, such as at least one digit, uppercase letter, and symbol. However, analyses of breached password databases reveals that the benefit of such rules is not nearly as significant as initially thought, although the impact on usability and memorability is severe."

Basically, passwords full of #'s and &'s are hard to remember, and they don't actually offer that much of a benefit. Instead, NIST recommends that people be allowed to choose any password of 8 characters or more — with a catch.

Mashable Light Speed Want more out-of-this world tech, space and science stories? Sign up for Mashable's weekly Light Speed newsletter. By clicking Sign Me Up, you confirm you are 16+ and agree to our Terms of Use and Privacy Policy. Thanks for signing up!

"No one will ever guess." Credit: Getty

The catch being that whatever the user selects should be compared against a list of known common passwords. Lists of stolen passwords exist, and if the key to your email account is something like "monkey" then NIST says it should be rejected.

Who is doing the work of comparing your desired password against the aforementioned list? Don't worry, it's not you. Instead, that responsibility would theoretically fall to whatever service you're trying to create an account with.

What else does NIST throw out the digital window? Why that would be a little annoying thing called forced password resets. That's right, it turns out obligating users to change their passwords — regardless of any data breaches or lack thereof — is counterproductive. Of course, if a company discovers it's been hacked, you should still be required to reset your login information.

The experts at NIST also go after what is a huge pet peeve of mine: security questions. Preset security questions that a user is forced to fill out, like "what high school did you attend," are easily discovered by hackers via a simple Google search (as Sarah Palin once painfully discovered) and should be done away with entirely.

"Verifiers also SHALL NOT prompt subscribers to use specific types of information (e.g., 'What was the name of your first pet?') when choosing memorized secrets," the draft declaratively states. Nice.

So, to recap: No special characters required, no forced password resets, and no fixed (easily guessable) security questions. It's almost like all the password security advice we've been given is wrong.

Except that chestnut about using two-factor authentication. You should still definitely do that.

---

Featured Video For You

---

Mute the world around you with these ear plugs of the future

---

Topics Cybersecurity

• Tech
• Shopping
• Science
• Deals
• Digital Culture
• Entertainment
• Social Good
• Games

• Operation Mensch
• NYT's The Mini crossword answers for April 17
• Amazon deals of the day: Samsung Galaxy Tab A9+, Echo Pop bundle, and more
• ChatGPT vs. Gemini: Which AI chatbot won our 5
• How to Squeeze the Most Out of Your iPhone's Battery
• Verizon explains why it throttled a fire department's data during wildfire
• Bayern Munich vs. Arsenal 2024 livestream: Watch Champions League for free
• CATL launches the world’s first 4C superfast charging LFP battery · TechNode
• The Mismeasure of Media
• SIA raises concerns over Huawei’s expanding chip facility networks in China · TechNode

• How to make your Twitter profile picture an NFT
• Kim Kardashian shares what happened during her meeting with Donald Trump
• The Onion brought Elon Musk and Malala Yousafzai together on Twitter
• 'The Great British Bake Off' is becoming a stage musical
• Goodest girl ever gets her own entry in school's yearbook
• Facebook and Instagram will reportedly let users create, buy, and sell NFTs
• Reddit user texts brother mid
• Benedict Cumberbatch, IRL superhero, saved a man from four muggers
• Sujata Day's emotional 'Definition Please' debuts on Netflix
• Not a single all

• Astronomers saw one galaxy impale another. The damage was an eye
• Honor to launch new phones in India, with former Realme CEO joining the company · TechNode
• Baidu integrates three new plug
• ChatGPT vs. Gemini: Which AI chatbot won our 5
• Best soundbar deal: Save $300 on the Sonos Arc
• Snapchat will now watermark AI
• Caitlin Clark's shockingly low rookie WNBA salary, explained
• Kuaishou publicly launches its own large language model that takes on GPT3.5 · TechNode
• Amazon Prime Grubhub deal: Save $10 off orders of $20 or more
• Beijing forbids generative AI in online medical prescriptions · TechNode

• New MIT report reveals energy costs of AI tools like ChatGPT
• NYT's The Mini crossword answers for April 17
• Starbucks establishes innovation and technology center in Shenzhen, China · TechNode
• How to backup iPhone
• A Typical Wall Street Republican
• NYT's The Mini crossword answers for April 17
• SpaceX books its first passenger to fly around the moon
• Lenovo appoints former Goldman Sach director John Thornton as non
• Ryzen 5 1600X vs. 1600: Which should you buy?
• Goats like it best when you smile, new research shows