•FBI advises internet users to use passphrases of at least 15 characters, instead of “strong” short passwords.
•Short and hard to remember passwords have gotten very easy for today’s computers to crack.
•Passphrases are much harder to guess, as long as the words in them are as unrelated as possible.
Is it better to use long passphrases over strong passwords? The FBI says that it is, as we’re living a time when regular people have access to powerful computers that can brute force and guess passwords no matter how hard they are for us to remember. Using passphrases makes it practically impossible for machines to crack them, as their complexity is beyond what’s attainable by the existing technology. So, should you ditch that password manager that is helping you use impossible to remember but “strong gibberish” in favor of something like “upside-down-heart-pink-cow-27”?
An increasing number of security experts believe that this should be exactly the case nowadays. These passphrases would take a current machine whole centuries to guess, they are easy to remember for the user, and won’t cause the password anxiety that hits people when they have to juggle many different ones. However, that is not to say that password managers should be thrown out of the window. After all, you can set passphrases in them manually, or have them generate very long passwords (up to 64 characters) that would undoubtedly be extremely hard to crack.
If you have a fear for single-sign-on tools in general, if you dread the possibility of forgetting or losing your master password, or if you just don’t trust what the vendors are doing with your password vault, then yes, maybe ditching them in favor of a long passphrase would make perfect sense in your case. Still though, just picking a passphrase that is easy to remember and making it adequately long isn’t enough to enjoy peace of mind. Not all passphrases are made equal, and hackers performing “dictionary attacks” can possibly crack longer passphrases pretty easily, as long as some specific criteria are met.
According to the latest FBI advice (based on NIST recommendations), users should pick words that are entirely unrelated. If you have trouble coming up with something like that, there are online passphrase generators that can help you. Just be careful not to set too many words making the passphrase hard to remember for you too. FBI says that you should aim for a minimum of 15 characters, so something with even three words would be enough. Ideally, pick a passphrase with four words as they are still easy to remember and the entropy will increase exponentially.
By Bill Toulas -
February 22, 2020
Source: technadu.com
FBI Recommends Using Long Passphrases Over Strong Passwords
.png)
Welcome!
If you are reading this guide, you are about to embark on a process that will help your organization harness the potential of technology to deliver your mission and best serve your community. Proactively planning for technology is about more than replacing old computers (although that might be part of your plan!). This process will help your organization fundamentally shift the way you approach technology investments toward greater mission achievement and community impact. It will identify opportunities for technology to help you control costs, reduce risk, raise funds, and empower staff.
Strategic technology planning – much like any strategic planning process – is a comprehensive look at the current state and the desired future state for your organization. If you just need some new computers, this may not be the right process. But if you are ready to treat technology as a mission-critical investment that can accelerate your organization’s impact, you are in the right place! Your nonprofit has much to gain from appropriately integrating technology into your operations, communications, fundraising, and service delivery. This guide offers step-by-step support to help you lead your organization through technology planning, resulting in a roadmap to smart technology use.
Acknowledgements
This guide has been produced through the generous support of the Rasmuson Foundation, a private foundation that works as a catalyst to promote a better life for Alaskans. Learn more at www.rasmuson.org. It was written and edited by Lindsay Bealko of Toolkit Consulting, who helps mission-minded organizations design creative communications, engaging education, and powerful programs. Learn more at www.toolkitconsulting.com.
Special thanks to Orion Matthews and Jeremiah Dunham of DesignPT for their substantial contributions to and reviews of this guide to make it as useful as possible to nonprofit organizations who are ready to harness the strategic potential of technology. Learn more and request help with your strategic technology plan at www.designpt.com.