【dreary eroticism】

You must use at least one uppercase letter,dreary eroticism a symbol, and a number. Or, wait, maybe not.

According to the experts at the National Institute of Standards and Technology (NIST), some of the password-strength requirements drilled into our skulls over the years are actually not that helpful.

What's worse, they may be counterproductive.

SEE ALSO: New tool teaches you how to set stronger passwords

As such, the institute issued a new draft of security guidelines on May 11, 2017, aimed at security professionals and recommending several significant changes to the password requirements we've come to accept as a necessary part of life.

What's different? Well, for one, the experts say that forcing users to create passwords which include numbers and random characters is no longer necessary.

"[Online] services have introduced rules in an effort to increase the complexity of [passwords]," reads the draft appendix. "The most notable form of these is composition rules, which require the user to choose passwords constructed using a mix of character types, such as at least one digit, uppercase letter, and symbol. However, analyses of breached password databases reveals that the benefit of such rules is not nearly as significant as initially thought, although the impact on usability and memorability is severe."

Basically, passwords full of #'s and &'s are hard to remember, and they don't actually offer that much of a benefit. Instead, NIST recommends that people be allowed to choose any password of 8 characters or more — with a catch.

Mashable Light Speed Want more out-of-this world tech, space and science stories? Sign up for Mashable's weekly Light Speed newsletter. By clicking Sign Me Up, you confirm you are 16+ and agree to our Terms of Use and Privacy Policy. Thanks for signing up!

"No one will ever guess." Credit: Getty

The catch being that whatever the user selects should be compared against a list of known common passwords. Lists of stolen passwords exist, and if the key to your email account is something like "monkey" then NIST says it should be rejected.

Who is doing the work of comparing your desired password against the aforementioned list? Don't worry, it's not you. Instead, that responsibility would theoretically fall to whatever service you're trying to create an account with.

What else does NIST throw out the digital window? Why that would be a little annoying thing called forced password resets. That's right, it turns out obligating users to change their passwords — regardless of any data breaches or lack thereof — is counterproductive. Of course, if a company discovers it's been hacked, you should still be required to reset your login information.

The experts at NIST also go after what is a huge pet peeve of mine: security questions. Preset security questions that a user is forced to fill out, like "what high school did you attend," are easily discovered by hackers via a simple Google search (as Sarah Palin once painfully discovered) and should be done away with entirely.

"Verifiers also SHALL NOT prompt subscribers to use specific types of information (e.g., 'What was the name of your first pet?') when choosing memorized secrets," the draft declaratively states. Nice.

So, to recap: No special characters required, no forced password resets, and no fixed (easily guessable) security questions. It's almost like all the password security advice we've been given is wrong.

Except that chestnut about using two-factor authentication. You should still definitely do that.

---

Featured Video For You

---

Mute the world around you with these ear plugs of the future

---

Topics Cybersecurity

• Tech
• Digital Culture
• Life
• Deals
• Entertainment
• Shopping
• Social Good
• Science

• Fritz vs. Monfils 2025 livestream: Watch Australian Open for free
• The crazy reason nearly every phone in Japan is waterproof
• How the tech world's immaturity handed Trump the election
• Banksy is now being used as a logo for the French far
• Trump praises storm response as historic disaster unfolds in Houston
• Iggy Azalea is proud to have 'world's best vagina' and so is Jon Hamm
• LinkedIn is now being blocked in Russia
• Known environmental menace, Australia gets the award it deserves
• Best Xbox Elite Series 2 deal: Save $32 on this pro
• 'Peep Show' fans, rejoice: Mitchell and Webb have a new comedy

• Facebook asks for nude photos. Days later clarifies what it will do
• The @me Twitter account gets 'hundreds' of notifications per day
• Humble dog smiles from ear to ear after seeing himself on TV
• New Nextdoor update alerts users who try to post racist language
• Snap is selling its unsold Spectacles in London
• Rebel Wilson says she was sexually harassed by a Hollywood co
• Politicians give this problematic response to Roy Moore allegations
• NASA plans rescheduled Mars Ingenuity helicopter flight for April 19
• Apple's 2021 iPad Pro packs its M1 chip, 5G, and mini
• Apple's iOS 14.5 is here. Download it for these new features.

• Wordle today: The answer and hints for January 28, 2025
• Google Earth VR is the godlike virtual reality experience we've been waiting for
• Hold onto your fairy bread, foodies. Chocolate cheese is a thing now.
• The 'You're The Worst' finale will emotionally destroy you
• AC Milan vs. Feyenoord 2025 livestream: Watch Champions League for free
• Inmates at an Alabama prison made their own #MannequinChallenge
• Iggy Azalea is proud to have 'world's best vagina' and so is Jon Hamm
• These spellbinding photos taken by an astronaut will leave you breathless
• CES 2025: How to buy (and save $390 on) the Dreame X50 Ultra robot vacuum
• This Chrome extension will warn you when you visit a fake news site

• Will Oracle take over TikTok? Trump says he'll make a decision in 30 days
• Google Earth VR is the godlike virtual reality experience we've been waiting for
• A herd of deer cause havoc during cross country race.
• Even India's Hike Messenger is copying Snapchat
• E3 2017 Trailer Roundup: Upcoming PC Games
• Queuing up outside ATMs to withdraw cash in India? Check out these apps first
• This MLB pitcher wants $25,615 for every pitch he throws
• Divergent 3D's Dagger super bike shows off 3D printing possibilities
• VidCon 2025: Creators share their mistakes and lessons learned
• This is the chip that will power every premium Android phone in 2017