Back in 2003, Burr was a mid-level manager at the US National Institute of Standards and Technology (NIST), and he was the author of “NIST Special Publication 800-6”, which advised people about the passwords used to secure their accounts.
Since its initial release nearly fifteen years ago, the NIST advice on passwords has been updated a number of times, most recently in June this year.
The 72-year-old Burr had initially advised people to change their password every 90 days, and he also said that people should complicate their passwords by adding capital letters, numbers and symbols.
Indeed, many tech companies now regularly ban the use of easy-to-remember passwords.
But now in an interview with the Wall Street Journal, Burr acknowledges that his 2003 manual was “barking up the wrong tree”.
“In the end, it was probably too complicated for a lot of folks to understand very well, and the truth is, it was barking up the wrong tree,” he is quoted as saying.