It's tough to create a good, secure password. It's tough to even agree on what makes a password strong in the first place, but most of the websites you'll visit probably recommend numbers, capital and lowercase letters, and a random symbol or two.

This was actually the recommendation of Bill Burr, who created those password guidelines while working for the National Institute of Standards and Technology back in 2003.

But now, almost 15 years later, Burr finally admits he made a mistake. In an interview with the Wall Street Journal, Burr expressed his regrets for giving advice he now realises was flawed.

The problem isn't that passwords with random numbers and symbols in them aren't secure – they can be, especially if a random password generator is used to create secure passwords. The problem is that humans suck at remembering passwords filled with random numbers and symbols, so they typically create simpler passwords that are easier to guess.

Finger, Technology, Computer keyboard, Hand, Electronic device, Electronic instrument, Musical keyboard, Musical instrument, Keyboard, Laptop, pinterest
Rafe Swan

If you've ever had to come up with a "secure" password, you probably did the same thing as almost everyone else – pick the first word that comes to mind and substitute a few numbers and symbols for letters. An O becomes a zero, a 1 becomes an exclamation point, and now you have what looks like an impossible-to-crack password.

But you're not the only one doing this, which means that hackers routinely try to guess these common substitutions. These simple instructions double as a handy guide for attack by password crackers. Ironically, Burr's password security guidance actually ended up making passwords less secure.

What to Read Next

Burr's admission comes at a time when "secure password advice" is becoming mostly irrelevant. There are several services like LastPass and OnePass that will generate secure passwords for you and remember them so you don't have to.

And in a few years, if Apple and co get their way, we'll have replaced passwords entirely with some other sort of tech all together anyway.


Want up-to-the-minute entertainment news and features? Just hit 'Like' on our Digital Spy Facebook page and 'Follow' on our @digitalspy Twitter account and you're all set.