Whether we're trying to buy a bath mat online or setting up a new bank account, we're all familiar with the prompts telling us the password we've selected isn't "complex" enough to be safe. For instance, you type in a long sentence, but you're told that it needs a number, an upper case letter, or a "special character."
Well, those guidelines didn't come from nowhere -- they came from a man named Bill Burr, a former manager at the National Institute of Standards and Technology (NIST). And it turns out that Mr. Burr is very regretful for having wasted so much time with guidelines that don't really work. In 2003, Burr wrote a guide on secure passwords: "NIST Special Publication 800-63, Appendix A." That guide is where many of our standards around passwords came from.
But it turns out that a longer password made of English words (much easier for most of us to remember) is actually harder for a computer to guess than a shorter password with arbitrary characters. And so all the complex password hijinks haven't really been keeping us safer.
We appreciated this article for the simple fact that getting a glimpse into the human side of the internet is always interesting. And Mr. Burr's honesty and humility are refreshing.
But we also think there are two important takeaways from Mr. Burr's revelation:
- What seems "high tech" is not always better or safer.
For instance, we find that in medicine, there is a constant perception that more expensive hardware and technology are safer or more powerful. We've even had hospitals tell us that iClickCare is too inexpensive for them to buy. The truth is that iClickCare is as sophisticated, as HIPAA compliant, and as innovative as software can be. It just appears simple because it can be used from any computer, is relatively inexpensive to implement, and is very easy to use. Those are all great things, but not if you're looking for the most complicated-seeming solution on the market.
- Just because something is repeated often doesn't mean it's true.
With all of the complexity in medicine right now, it's common for an "echo chamber" effect to be created, in which things are repeated and seem true simply because we've heard them so often. Sometimes the EHR/EMR that is used a lot isn't the best one, and sometimes the commonly understood causes of a situation aren't the correct causes. In the case of passwords, it's clear that an incorrect approach became the industry standard just because it was used so often.
We encourage you to find the best solution for your situation. Just as it turns out that the "plain English" passwords actually work better, the simpler solution in telemedicine can work better as well.