All the rules you've ever known about coming up with a password have been thrown out the door.

This is coming from the man who came up with those rules.

  • Guidelines to create strong passwords changing
  • Longer phrase passwords harder to hack, expert says
  • Banks, social media sites providing extra security checks

Bill Burr created the old guidelines in 2003. He worked for the federal government's National Institute of Standards and Technology.

Back then, Burr thought that replacing a few letters with numbers and other characters would create a harder-to-crack password.

This week, Burr told The Wall Street Journal his thinking was misguided.

For example, say you're signing into a website.

Under the old rules, the stronger passwords were the ones that look like this: W0r7h1e$5. That password is only as good as the word WORTHLESS.

And now the guidelines to create passwords are changing. NIST unveiled new best practices, or guidelines, this summer.

Dr. Nathan Fisk from the Florida Center for Cybersecurity said the best passwords are random phrases. They are easy for us to remember but harder for a computer to hack because of the human factor.

"Guessing passwords is like guessing patterns," Fisk said. "So if you know the pattern and you know that someone is going to have the capital letter in the beginning and the special character at the end, it's easier to guess."
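The pattern guessing Fisk describes, applied to the W0r7h1e$5 example above, as an added Python example that is not part of the original article. It shows how a sign-up form could flag passwords that reduce to a dictionary word; the wordlist, the substitution table and the sample passwords are constructed assumptions.

```python
import itertools
import re

# Constructed sample wordlist; a real check would load a large dictionary
# or a breached-password list instead.
WORDLIST = {"worthless", "password", "sunshine", "dragon"}

# Common character-for-letter swaps (assumed table, not exhaustive).
# "1" is ambiguous, so it maps to both "l" and "i".
LEET = {"0": "o", "1": "li", "3": "e", "4": "a", "5": "s",
        "7": "t", "$": "s", "@": "a", "!": "i"}

MAX_VARIANTS = 4096  # cap on ambiguous readings explored per candidate


def undo_substitutions(text):
    """Yield every plain-letter reading of text under the LEET table."""
    options = [LEET.get(ch, ch) for ch in text]
    variants = itertools.product(*options)
    for combo in itertools.islice(variants, MAX_VARIANTS):
        yield "".join(combo)


def base_words(password):
    """Return the dictionary words a pattern-aware guesser would reach."""
    lowered = password.lower()  # undoes the capital-letter-first habit
    # Also try it with trailing digits/symbols removed, which undoes
    # the special-character-at-the-end habit.
    trimmed = re.sub(r"[^a-z]+$", "", lowered)
    found = set()
    for candidate in {lowered, trimmed}:
        for plain in undo_substitutions(candidate):
            if plain in WORDLIST:
                found.add(plain)
    return found


def is_predictable(password):
    """True when the password is a dictionary word behind a known pattern."""
    return bool(base_words(password))


if __name__ == "__main__":
    for pw in ["W0r7h1e$5", "Sunshine1!", "maple trumpet cloud river"]:
        print(f"{pw!r}: {sorted(base_words(pw)) or 'no single-word match'}")
```

This check only catches single words behind a pattern; a phrase gets its strength from the number of randomly chosen words, which this code does not measure.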

Fisk said a longer phrase password can be remembered fairly easily and will be fairly hard to guess.

"These are really big positives for everyday users. Even then, for people who don't have a particularly strong password, multifactor authentication is going to be the next big thing," Fisk said.

He means providing additional security checks. Bank websites, social media sites and others online are doing this already.

"Many people have noticed who traveled a little bit that Google will actually check who you are if you just move outside the area that you are in," he explained.

Fisk said if you don't have a strong password, that's OK because Google is actively checking to make sure you are who you say you are.