The creator of the "draconian" password rules regrets what he did

10 August 2017, 11:55 | Technologies

"Your password must contain at least one digit, one upper-case letter and one non-alphabetic character": these and similar password requirements, like the rule at many corporations that passwords must be changed every few months, were not plucked out of thin air. They were formulated in 2003 by an employee of the US National Institute of Standards and Technology (NIST). And now he deeply regrets it.

In 2003, Bill Burr wrote an eight-page guide on how to create secure passwords correctly. Since then, corporations, banks and Internet services have relied on this NIST document when defining their policies for user passwords. It is in this document that requirements such as the mandatory use of upper- and lower-case letters, digits and rare symbols in a password were formulated.

The 72-year-old Burr admitted in an interview with The Wall Street Journal that he had never been an expert in cybersecurity and never really understood passwords, let alone the psychological side of cybersecurity. According to him, when preparing his guide he took as a basis a document written back in the 1980s. In those years the mass spread of the Internet was still a long way off, and nobody could imagine how many different passwords billions of people on the planet would have to create and remember.

Now the NIST recommendations have changed. Instead of a relatively short but hard-to-remember password made of an "abracadabra" of digits and symbols, the institute suggests using long phrases of ordinary words.

After all, as the number of characters in a password grows, the time required to find it by automated search (brute force) grows exponentially.
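The point about length versus composition rules, as an added example that is not part of the article or of any NIST document. It models a 2003-style composition check next to a plain count of the brute-force search space; the 10,000-word dictionary, the guess rate of 1e11 per second and the sample passwords are assumptions chosen for illustration.

```python
"""Added example (not from the article or NIST): why length beats composition rules."""
import math

# Sizes of the usual printable ASCII character classes.
LOWER, UPPER, DIGITS, SYMBOLS = 26, 26, 10, 33
FULL_ALPHABET = LOWER + UPPER + DIGITS + SYMBOLS   # 95 printable ASCII characters

# Assumption: a word list of about 10,000 ordinary words for passphrases.
DICTIONARY_SIZE = 10_000


def meets_2003_style_rules(pw: str) -> bool:
    """Composition rule of the kind the 2003 guide popularised:
    at least 8 characters, with an upper-case letter, a digit and a
    non-alphabetic character."""
    return (len(pw) >= 8
            and any(c.isupper() for c in pw)
            and any(c.isdigit() for c in pw)
            and any(not c.isalpha() for c in pw))


def brute_force_guesses(alphabet_size: int, length: int) -> int:
    """Candidates an exhaustive search over `length` characters must cover.
    Each extra character multiplies this by alphabet_size: exponential growth."""
    return alphabet_size ** length


def passphrase_guesses(words: int, dictionary_size: int = DICTIONARY_SIZE) -> int:
    """Same calculation when the attacker knows the password is a phrase of
    dictionary words: the 'alphabet' is the word list, the 'length' is the
    word count. This is the conservative figure for a passphrase."""
    return dictionary_size ** words


def entropy_bits(guesses: int) -> float:
    """Search space expressed in bits."""
    return math.log2(guesses)


def years_to_exhaust(guesses: int, guesses_per_second: float = 1e11) -> float:
    """Wall-clock years to try every candidate. 1e11/s is an assumed rate for an
    offline attack on a fast hash; real rates depend on the hash and hardware."""
    return guesses / guesses_per_second / (365 * 24 * 3600)


if __name__ == "__main__":
    # Constructed samples: a short "complex" password and a five-word phrase.
    short_complex = "Tr0ub4d&3"
    long_phrase = "kettle marble ocean ladder violet"

    for pw in (short_complex, long_phrase):
        print(f"{pw!r}: satisfies 2003-style rules = {meets_2003_style_rules(pw)}")

    g_short = brute_force_guesses(FULL_ALPHABET, len(short_complex))
    g_phrase_words = passphrase_guesses(5)
    g_phrase_chars = brute_force_guesses(LOWER + 1, len(long_phrase))  # letters + space
    for label, g in (("9 chars, 95-symbol alphabet", g_short),
                     ("5 dictionary words", g_phrase_words),
                     ("33 chars, letters+space", g_phrase_chars)):
        print(f"{label:30s} {entropy_bits(g):6.1f} bits, "
              f"{years_to_exhaust(g):.3g} years at 1e11 guesses/s")

    # One extra character multiplies the search space by the alphabet size.
    for n in range(8, 13):
        print(n, "chars ->", f"{entropy_bits(brute_force_guesses(FULL_ALPHABET, n)):.1f} bits")
```

Note that the composition check rejects the passphrase, which has the larger search space even when the attacker knows it is made of dictionary words, and accepts the short one; the word count is what matters for a passphrase, so the phrase needs enough words to beat a 9-character random string.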

As for the requirement to change the password every few months, common in corporate computer systems, it does not contribute much to security either. The vast majority of users, when changing a password, simply replace a single character in it, usually a digit; in the end, someone who knows the old version can guess the new one very quickly.

Source: wsj.com


