From: The Verge
Fourteen years later, Bill Burr says his tips were misguided
The problem wasn’t that Burr was advising people to make passwords that are inherently easy to crack, but that his advice steered everyday computer users toward lazy mistakes and easy-to-predict practices. Burr’s eight-page password document, titled “NIST Special Publication 800-63. Appendix A,” advised people to use irregular capitalization, special characters, and at least one numeral. That might result in a password like “P@ssW0rd123!” While that may make it seem secure on the surface (neglecting, of course, that “password” is a bad password), the issue is that most people tend to use the same exact techniques when crafting these digital combo locks. That results in strings of characters and numbers that hackers could easily predict and algorithms that specifically target those weaknesses.