The US Federal Bureau of Investigation (FBI) recommends using passphrases instead of passwords. Find out what passphrases are and why they are becoming more popular.
People should use passphrases instead of passwords to secure online accounts, according to the US Federal Bureau of Investigation. The FBI is one of a growing number of organizations making this recommendation, joining the likes of the SANS Institute, the Commonwealth of Massachusetts, and the US National Institute of Standards and Technology.
Here’s a look at what passphrases are and why their use is becoming more popular.
What Passphrases Are
Which would you rather use in your login credentials: “gF3a$b2T7%@Yj9k&Vx68H” or “avocado robot dancing castle”? If you picked the latter, you are not alone. To remember it, you just need to envision an avocado-colored robot dancing in a castle. For most people, picturing an image or scene is easier than trying to memorize a long, complex password that consists of random numbers, symbols, and mixed-case letters.
The string “avocado robot dancing castle” is an example of a passphrase. Passphrases are long yet memorable phrases. When creating a passphrase, you only need to follow several simple rules:
You do not have to adhere to any other composition rules. This means you can forgo the use of symbols, numbers, or capital letters if desired. You can even use spaces, assuming the password input tool allows them. Spaces make passphrases easier to enter.
Easier to Remember Does Not Mean Easier to Crack
Just because passphrases are easier to remember does not mean they are less secure than complex passwords. Longer character strings are cryptographically harder to crack than shorter ones, even if the shorter strings include symbols, numbers, and mixed-case letters, according to experts. Consider, for example, how much time hackers would need to spend to crack the following passphrases and passwords using a brute-force password-cracking tool on an average computer. It would take:
The bottom line is that length matters — and with passphrases, you can create long strings that are easy to remember.
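The length argument above can be checked with a short calculation. The following Python sketch is an added example, not part of the original article: it estimates the character-by-character brute-force search space for a short complex password and for the article's example passphrase. It also goes one step beyond the paragraph by estimating the case where whole words are guessed from a list. The guess rate, the word-list size, and the sample strings other than the article's passphrase are assumptions.

```python
import math
import string

# Character classes a character-by-character brute-force search must cover.
POOLS = (string.ascii_lowercase, string.ascii_uppercase,
         string.digits, string.punctuation, " ")
GUESSES_PER_SECOND = 1e10  # assumed attacker speed, not a figure from the article
WORDLIST_SIZE = 7776       # assumed size of the list the words were drawn from


def pool_size(secret):
    """Alphabet size implied by the character classes present in the secret."""
    known = sum(len(p) for p in POOLS if any(c in p for c in secret))
    other = {c for c in secret if not any(c in p for p in POOLS)}
    return known + len(other)


def brute_force_bits(secret):
    """log2 of the search space when every position is tried independently."""
    return len(secret) * math.log2(pool_size(secret)) if secret else 0.0


def word_guess_bits(secret):
    """log2 of the search space when whole words are guessed from a list."""
    return len(secret.split()) * math.log2(WORDLIST_SIZE)


def years_to_exhaust(bits):
    """Time to try the whole search space at the assumed guess rate."""
    return 2 ** bits / GUESSES_PER_SECOND / (365.25 * 24 * 3600)


if __name__ == "__main__":
    # Constructed samples; the second is the article's example passphrase.
    for secret in ("Xk7$pQ2!", "avocado robot dancing castle",
                   "avocado robot dancing castle violin ember"):
        chars = brute_force_bits(secret)
        line = f"{secret!r}: {len(secret)} chars, {chars:.1f} bits by character"
        if " " in secret:
            line += f", {word_guess_bits(secret):.1f} bits by word"
        print(line + f", {years_to_exhaust(chars):.2e} years by character")
```

The by-word figure applies only when the words are picked at random from the list, and under the assumed list size each additional word adds about 12.9 bits.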
Use Two-Step Verification as Well
Following NIST’s lead, the FBI recommends people follow several other security practices, including using two-factor authentication (aka two-step verification) when possible. With this type of authentication, you must provide two credentials to log in, such as a one-time security code and a passphrase or password. Having to provide two credentials adds an extra layer of security that can prevent unauthorized access to your online account.
The FBI also recommends using a password manager if you have numerous credentials you need to remember. Password managers typically encrypt and store account credentials in a repository. When you want to access one of your accounts using the stored login credentials, you enter a master passphrase (or password) and select the account. This means you only need to remember one passphrase instead of many to log in to your accounts.
Passphrases Are Good for Businesses, Too
Passphrases aren’t just for individuals to use. Companies can benefit from using them as well.
You might consider encouraging employees to use passphrases when logging into business accounts. Before doing so, though, you need to provide training on how to create passphrases as well as adapt your company’s policies and systems for passphrase use. For example, you need to configure a minimum password length of at least 15 characters. We can help you make the necessary configurations and other changes needed for your business to use passphrases.