Password Guru Bill Burr Says to Stop Using Strong Ones

Having a strong password is important on the web because of hackers and unforeseen problems. We’ve always been told to change our passwords every 90 days and to design them in a certain way.

For example, all passwords must have a mixture of numbers, uppercase and lowercase letters, along with special characters.

The man says stop!

As it stands right now, overly complex passwords and the 90-day rule are not good for users. Bill Burr, the man who recommended that passwords contain special characters, has changed his mind about how computer users should design their passwords.

He claims that the document he wrote back in 2003 on how to create passwords has been misinterpreted by everyone. As a result, there has been quite a lot of confusion, but he’s ready to change our minds.

“Much of what I did I now regret,” according to the 72-year-old Burr in a statement to The Journal.

What Burr is saying is simple: computer users no longer need to use special characters. Instead, it’s best to use easy-to-remember phrases, and passwords should only be changed if there’s a suspected hack, not every 90 days.
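To make the difference between the two rules concrete, here is a small added example (not code from the article or from Burr’s document) that checks a handful of constructed sample passwords against an old-style composition rule and against a passphrase rule; the minimum passphrase length of 16 and the short denylist of weak choices are assumptions for illustration.

```python
import re

# Constructed denylist of the weak choices the article calls out (the literal
# word "password" and close variants). A real deployment would check against a
# large corpus of known-compromised passwords, which this example does not include.
COMMON_WEAK = {"password", "password1", "p@ssw0rd"}


def meets_2003_complexity(pw: str) -> bool:
    """Composition rule of the kind the article describes: at least 8 characters
    mixing uppercase, lowercase, digits and special characters."""
    return (
        len(pw) >= 8
        and re.search(r"[A-Z]", pw) is not None
        and re.search(r"[a-z]", pw) is not None
        and re.search(r"[0-9]", pw) is not None
        and re.search(r"[^A-Za-z0-9]", pw) is not None
    )


def meets_passphrase_rule(pw: str, username: str = "", min_len: int = 16) -> bool:
    """Revised rule: a long, memorable phrase with no composition requirement,
    but the weak choices the article mentions (the word "password", the user's
    own name) are rejected regardless of length. min_len is an assumed value."""
    lowered = pw.lower()
    if lowered in COMMON_WEAK:
        return False
    if username and username.lower() in lowered:
        return False
    return len(pw) >= min_len


def evaluate(pw: str, username: str = "") -> dict:
    """Return the verdict of both rules so the two can be compared side by side."""
    return {
        "complexity_2003": meets_2003_complexity(pw),
        "passphrase": meets_passphrase_rule(pw, username),
    }


if __name__ == "__main__":
    # Constructed samples: a "complex" but predictable password, a long phrase
    # with no symbols, the literal word "password", and a name-based password.
    for candidate in ["P@ssw0rd", "correct horse battery staple", "password", "alice2019!"]:
        print(f"{candidate!r:35} {evaluate(candidate, username='alice')}")
```

The first sample passes the composition rule yet is a well-known weak pattern, while the long phrase fails it despite being far harder to guess; that gap is the usability-versus-security point Burr is making.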

Why is Bill Burr advocating change?

Apparently, it’s all about usability. It is difficult for many computer users to type complex passwords every day, especially if each of their accounts on the web has a different one.

Still, if one requires security, then he or she should have the will to accept the difficulties it entails.

Here’s the thing: if we look at recent reports on how users on the web design their passwords, it’s clearly not a pretty sight. To this day, people are using their names as their password, and even the word “password,” which is quite surprising.

Now, trying to get folks on the web to use only easy-to-remember phrases is asking for trouble. Hackers know for a fact that millions are still being complacent, and they will take advantage of that.

As for the 90-day rule, it’s still valid in my eyes. Why wait until there’s a suspected hack to change your password? By that time, it could be too late. So I am deliberately going against Bill Burr here by saying, continue with the 90-day rule until a much more sensible replacement comes into play.

Chances are, Burr might no longer be in a position, mentally, to keep up with his 2003 demands. He’s 72 now, so having to keep up with complex passwords and changing login data every 90 days could be too much for him.

It’s not impossible by any means. And if such is the case, we’d definitely understand.