When it comes to creating strong passwords, it is size, not complexity, that may offer the best security, says the person who invented the password rules we've been using for the last few decades.
His new password advice? For individuals, create longer, easier-to-remember passwords that can be phrases or entire sentences. For organizations, stop doing password resets every month, quarter, bi-annually and maybe even annually. It may be smarter to reset user passwords only when there's evidence of a breach or significant threat.
That's because, as we've learned over the past few years, when you force users to create "new" passwords, they simply add a number or special character to an older password (Pa$$woRD1, Pa$$woRD2, etc.), which doesn't result in any additional security for the individual or the organization.
Beauceron CEO David Shipley spoke with Toronto 640AM's Andrew Lawton about the new password guidelines.
Image courtesy of Tristan Schmurr/Flickr. Used under Creative Commons License.