【Landlady’s Loose Legs】

You must use at least one uppercase letter,Landlady’s Loose Legs a symbol, and a number. Or, wait, maybe not.

According to the experts at the National Institute of Standards and Technology (NIST), some of the password-strength requirements drilled into our skulls over the years are actually not that helpful.

What's worse, they may be counterproductive.

SEE ALSO: New tool teaches you how to set stronger passwords

As such, the institute issued a new draft of security guidelines on May 11, 2017, aimed at security professionals and recommending several significant changes to the password requirements we've come to accept as a necessary part of life.

What's different? Well, for one, the experts say that forcing users to create passwords which include numbers and random characters is no longer necessary.

"[Online] services have introduced rules in an effort to increase the complexity of [passwords]," reads the draft appendix. "The most notable form of these is composition rules, which require the user to choose passwords constructed using a mix of character types, such as at least one digit, uppercase letter, and symbol. However, analyses of breached password databases reveals that the benefit of such rules is not nearly as significant as initially thought, although the impact on usability and memorability is severe."

Basically, passwords full of #'s and &'s are hard to remember, and they don't actually offer that much of a benefit. Instead, NIST recommends that people be allowed to choose any password of 8 characters or more — with a catch.

Mashable Light Speed Want more out-of-this world tech, space and science stories? Sign up for Mashable's weekly Light Speed newsletter. By clicking Sign Me Up, you confirm you are 16+ and agree to our Terms of Use and Privacy Policy. Thanks for signing up!

"No one will ever guess." Credit: Getty

The catch being that whatever the user selects should be compared against a list of known common passwords. Lists of stolen passwords exist, and if the key to your email account is something like "monkey" then NIST says it should be rejected.

Who is doing the work of comparing your desired password against the aforementioned list? Don't worry, it's not you. Instead, that responsibility would theoretically fall to whatever service you're trying to create an account with.

What else does NIST throw out the digital window? Why that would be a little annoying thing called forced password resets. That's right, it turns out obligating users to change their passwords — regardless of any data breaches or lack thereof — is counterproductive. Of course, if a company discovers it's been hacked, you should still be required to reset your login information.

The experts at NIST also go after what is a huge pet peeve of mine: security questions. Preset security questions that a user is forced to fill out, like "what high school did you attend," are easily discovered by hackers via a simple Google search (as Sarah Palin once painfully discovered) and should be done away with entirely.

"Verifiers also SHALL NOT prompt subscribers to use specific types of information (e.g., 'What was the name of your first pet?') when choosing memorized secrets," the draft declaratively states. Nice.

So, to recap: No special characters required, no forced password resets, and no fixed (easily guessable) security questions. It's almost like all the password security advice we've been given is wrong.

Except that chestnut about using two-factor authentication. You should still definitely do that.

---

Featured Video For You

---

Mute the world around you with these ear plugs of the future

---

Topics Cybersecurity

• Science
• Digital Culture
• Deals
• Shopping
• Tech
• Life
• Social Good
• Games

• Amazon Spring Sale 2025: The Eufy robot vacuum stick vacuum combo is on sale for the first time
• Dingdong Maicai halts nearly 40 site operations in Guangdong amid cost squeezing · TechNode
• JD seals second partnership with CCTV Spring Festival Gala amid lackluster growth · TechNode
• Huawei, Xiaomi advertise in 2024 Spring Festival Gala · TechNode
• Oklahoma City Thunder vs. Miami Heat 2024 livestream: Watch NBA online
• Chinese automakers Wuling, Changan offer holiday discounts to boost EV demand · TechNode
• Trip.com’s Q4 revenue doubles, CEO announces discontinuation of 2019 as a benchmark · TechNode
• Electric vertical takeoff and landing craft completes first flight in Shenzhen · TechNode
• Sam's Club membership discount
• Galápagos tortoise, feared extinct, has first sighting in 100 years

• Facebook social network services all go down in a worldwide outage
• 'Game of Thrones' Season 8 answers the question of Ed Sheeran's fate
• Dear People Magazine: Please stop pretending the Trump presidency is normal
• Donald Glover's 'Guava Island' reframes his hit song 'This Is America'
• Edward Snowden warned us about a president like Donald Trump
• Little girl bravely shared her truth at an anti
• Star Wars movies will go on hiatus after 'Episode IX' and that's great
• After last year's drama, Starbucks unveils holiday cups designed by 13 women
• Everything women stand to lose to President Trump
• In the election's aftermath, someone left a very kind note on a mosque door

• Babbel, Coursera, and MasterClass deals: Subscriptions on sale ahead of the new year
• SpaceX launches moon lander, lands booster despite tough conditions
• China breaks record for domestic trips made during Lunar New Year holiday period · TechNode
• Huawei, Xiaomi advertise in 2024 Spring Festival Gala · TechNode
• Blink Outdoor 4 deal: Get $130 off at Amazon
• AMD collaborates with TSMC for Zen 5 chips · TechNode
• Xiaomi set to begin mass producing first EV in February · TechNode
• Former Meituan VP to lead JD’s delivery arm Dada: report · TechNode
• Best monitor deal: Save $120 on LG 34
• Captain America just absolutely destroyed Trump's latest tweet about global warming

• NYT Connections hints and answers for December 19: Tips to solve 'Connections' #557.
• Luckin Coffee adjusts its RMB 9.9 beverage offer after taking profit hit · TechNode
• ByteDance dives into multi
• BMW launches China
• Best free online courses from MIT
• Baidu's AI model powers Samsung's new smartphone in China · TechNode
• Chinese automakers Wuling, Changan offer holiday discounts to boost EV demand · TechNode
• Alibaba shares boosted by Jack Ma and Joe Tsai buying $200 million worth of stock · TechNode
• Best earbuds deal; Save $50 on the JBL Tune Flex
• Former Meituan VP to lead JD’s delivery arm Dada: report · TechNode