Strong Password Conventions

Were popularized by a guy named Bill Burr (No, not THAT Bill Burr). He suggested that you should replace letters with numbers like you’re a 1337 h4x0r, because that would be harder to guess/crack(?). He has since changed his stance on what a strong password looks like, and encourages people to use a long easy-to-remember phrase. Well, Bill… The damage is done.

It took you fifteen years to realize that your original advice was dog&^%$? You had to wait until most of corporate America adopted your conventions? Man, I hope the other Bill Burr meets you some day, because I’m sure he’d have some choice words for you. It would make for a great stand-up bit.

Seriously though, passwords are a terrible form of security. If you must use a password for a service, use a long one, preferably 20-32 characters in length at least. Use whatever valid characters are at your disposal (Ab3$). Use a password manager. Use 2FA if it’s available. Don’t reuse passwords. Don’t use anything publicly visible about you on social media in your passwords (Birthdays, Family/Pet Names, Nicknames, etc).

Also, if you setup recovery questions for your accounts, don’t answer them with answers that make sense. People can find out your mother’s maiden name pretty easily nowadays. Or the name of your first pet, or childhood best friend. If you lie to those questions, it makes it much more difficult to determine the answers.

Accounts are rarely breached by bruteforcing passwords. It’s much easier to find your password in a stolen databases (this is why we shouldn’t reuse passwords) that to try every possible combonation of letters, numbers and symbols. If that isn’t an option, the attacker might attempt to reset your password using your recovery answers if that’s a viable option. Fortunately most account providers now issue an email, or require a one-time code from a text or a call as an additional step. Still though, better safe than sorry.

Anyways, I thought this would be a quick humorous anecdote about how I hate this Bill Burr guy, but it turned into actual advice. I sincerely apologize, and I promise that it won’t happen again. This is not a place for useful advice. It’s where I go to yell at my enemies without fear of retaliation.

@#$% you Bill Burr!

Written on September 19, 2021