The man who created the rules we all now have to live by when setting up passwords — a certain number of digits, special characters, uppercase letters and so on — has essentially apologized for creating a headache for everyone.
Gizmodo reports that Bill Burr, a former manager at the National Institute of Standards and Technology, drafted an eight-page guide back in 2003 called “NIST Special Publication 800-63. Appendix A.”
“This became the document that would go on to more or less dictate password requirements on everything from email accounts to login pages to your online banking portal,” Gizmodo notes. “All those rules about using uppercase letters and special characters and numbers — those are all because of Bill.”
But Burr, now retired at 72, was no security expert and didn’t know much about how passwords worked. And now he admits that the system doesn’t work very well.
“Much of what I did I now regret,” he said in a recent interview with The Wall Street Journal, noting that the list of guidelines was “probably too complicated for a lot of folks to understand very well, and the truth is, it was barking up the wrong tree.”