FBI offers advice on how to choose stronger passwords

Feb 19, 2020 07:02 GMT
The FBI says using passphrases is the easiest way to protect an online account

Despite the entire industry calling for everyone to use stronger passwords, choices like “passwords123” and “1234” continue to be the most used, even for protecting sensitive information like email and banking accounts.

More often than not, people sticking with these terrible passwords claim that a more complex combination would be harder to remember, so the FBI has come up with a series of recommendations that address this concern.

The FBI explains that instead of using a standard password, Internet users should consider switching to a longer passphrase that’s easier to remember but harder for hackers to crack. The longer the passphrase, the lower the chances of getting hacked, the FBI says.

“Instead of using a short, complex password that is hard to remember, consider using a longer passphrase. This involves combining multiple words into a long string of at least 15 characters. The extra length of a passphrase makes it harder to crack while also making it easier for you to remember,” the Bureau explains.

Password managers are okay

Based on recommendations offered by the National Institute of Standards and Technology, or NIST, the FBI says organizations should stop using password hints, enforce longer password requirements, request password changes when there’s evidence of a breach, and run frequent audits to determine whether passwords are known to have been compromised.
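As an added illustration (not code from the FBI or NIST), here is how a sign-up or password-change form could apply these recommendations: a 15-character minimum, no composition rules, no hints, and screening against known-compromised passwords. The function name, result labels and the tiny blocklist (built from the weak passwords named in this article) are assumptions made for the example.

```python
import unicodedata
from typing import List, Optional

# Minimum length taken from the FBI quote above ("at least 15 characters").
MIN_LENGTH = 15

# Constructed sample blocklist: only the weak passwords this article names.
# Assumption: a real deployment loads a full breached-password corpus here.
COMPROMISED = frozenset({
    "123456", "123456789", "qwerty", "password", "passwords123", "1234",
})


def check_new_password(candidate: str, hint: Optional[str] = None) -> List[str]:
    """Return the list of policy violations; an empty list means accepted.

    Deliberately absent: any rule demanding digits, symbols or mixed case.
    Length and the compromised-password screen do the work instead.
    """
    problems = []
    # NFKC folds look-alike forms (e.g. full-width digits) into one spelling,
    # so the same password is measured and screened consistently.
    normalized = unicodedata.normalize("NFKC", candidate)
    if len(normalized) < MIN_LENGTH:
        problems.append("too_short")
    # Case-insensitive match so "PASSWORD" is caught along with "password".
    if normalized.casefold() in COMPROMISED:
        problems.append("known_compromised")
    # Hints are rejected outright rather than stored next to the account.
    if hint:
        problems.append("hint_not_allowed")
    return problems


if __name__ == "__main__":
    # Constructed sample inputs.
    for sample in ("correct horse battery staple", "Tr0ub4dor&3", "PASSWORD"):
        print(repr(sample), "->", check_new_password(sample) or "accepted")
```

A long all-lowercase passphrase passes, while a short “complex” password does not, which is the trade-off the FBI describes.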

While the FBI doesn’t seem to be a big fan of password managers, it does recommend that users check them out anyway.

“The downside of using a password keeper program is that if an attacker cracks your vault password, then he or she knows all of your passwords for all of your accounts. But many IT professionals agree, the benefit of a password keeper program far outweighs this risk,” the FBI says.

According to data published in December by SplashData, “123456” was the worst password used in 2019, followed by “123456789,” “qwerty,” and “password.”