Published in News

FBI wants people to abandon passwords

by on24 February 2020


Use passphrases instead

An FBI Portland Tech report has told its readers to stop using passwords and switch to passphrases.

The FBI wants people to stop using simple and easy to remember ones, which are also easy to guess or break, and even more complex combinations of cases, numbers, and special characters that are much harder to remember.

"Password length is much more important than password complexity and instead of using shorter and more complex passwords, you should "consider using a longer passphrase".

A passphrase as a better alternative to a complex password is not exactly a new security concept, but it remains a good one, and it's good to see both the National Institute of Standards and Technology (NIST) and the FBI recommending it.

"The extra length of a passphrase makes it harder to crack while also making it easier for you to remember", the Untouchables say.

So, while ff_gdgaSi0323s is certainly difficult for a would-be attacker to guess or break using brute-force attack methods, it's an arse to remember.

However, "FantasticYellowBowledHair" is the same length but a lot less complex and so much easier to visualize and thus recall. Importantly, it's just as hard for criminals to crack. The trick is to use unrelated words that can be combined into something that you can visualise, rather than related words that might be guessable as a phrase. The FBI recommends using passphrases of at least 15 characters.

Surprised no-one thought of it before.  For years mine was "SteveJobsShagsBadgers" and, after a while, I could type it without thinking.  Then there was a security breach at my ISP and all the passwords were compromised and I had to come up with a new phrase. [Which is? Ed.]

 

Last modified on 24 February 2020
Rate this item
(0 votes)

Read more about: