Chances are you’ve never heard of the National Institute of Standards and Technology (NIST) Special Publication 800-63, Appendix A. But you’ve been using its contents from your first online account and password until today. That’s because, within it, you’ll find the first password rules, such as requiring a combination of a lowercase and uppercase letter, a number, and a special character, along with the recommendation to change your password every 90 days.
There’s only one problem. Bill Burr, who originally set up these rules, thinks he blew it. “Much of what I did I now regret,” Burr told The Wall Street Journal a few years ago.