Passwords are a pain. Just when you've got one fully committed to memory, chances are your workplace will force you to throw it away and make a new one, in the name of cybersecurity—and if you're anything like me, you'll spend the next few weeks typing in the old one out of habit. Of course, you should be using a good password manager to keep track, but even then it's an irritant.
The National Institute of Standards and Technology (NIST) has released the latest version of its Digital Identity Guidelines, and (rather fittingly) it's more fiendishly complicated to read than a particularly secure password sequence (via Ars Technica).
Amid the incredibly dry wording, however, is a rule barring the requirement that users periodically change their passwords.
The NIST is a US federal body that sets the digital standards for governmental agencies, standards organisations and private companies, so when it speaks, plenty listen. As a result, we could finally see our passwords lasting longer for a variety of services, giving us plenty of mental headspace to remember important things like sports scores, and the names of those who have wronged us in the past.
Essentially, the reasoning here seems to be this: if users are forced to change complicated passwords frequently, they tend to create simpler and simpler versions to make them easier to remember.
Given that most people don't use a password manager (and this is the point where I'm contractually obliged to glare at you disapprovingly), what was originally «Fl00fyl1ttlekittens#84753j4X))-B» gradually becomes «Floofylittlekittens8», as it's easier to remember—and eventually, «cat12345».
If that happens to be your actual password, I hope I made your stomach drop in terror.
If you're in the market for a password manager, I have a few recommendations for the ones we use regularly on the team. There's Bitwarden and