FBI Recommends Using Long Passphrases Over Strong Passwords

  • FBI advises internet users to use passphrases of at least 15 characters, instead of “strong” short passwords.
  • Short and hard to remember passwords have gotten very easy for today’s computers to crack.
  • Passphrases are much harder to guess, as long as the words in them are as unrelated as possible.

Is it better to use long passphrases over strong passwords? The FBI says that it is, as we’re living a time when regular people have access to powerful computers that can brute force and guess passwords no matter how hard they are for us to remember. Using passphrases makes it practically impossible for machines to crack them, as their complexity is beyond what’s attainable by the existing technology. So, should you ditch that password manager that is helping you use impossible to remember but “strong gibberish” in favor of something like “upside-down-heart-pink-cow-27”?

An increasing number of security experts believe that this should be exactly the case nowadays. These passphrases would take a current machine whole centuries to guess, they are easy to remember for the user, and won’t cause the password anxiety that hits people when they have to juggle many different ones. However, that is not to say that password managers should be thrown out of the window. After all, you can set passphrases in them manually, or have them generate very long passwords (up to 64 characters) that would undoubtedly be extremely hard to crack.

If you have a fear for single-sign-on tools in general, if you dread the possibility of forgetting or losing your master password, or if you just don’t trust what the vendors are doing with your password vault, then yes, maybe ditching them in favor of a long passphrase would make perfect sense in your case. Still though, just picking a passphrase that is easy to remember and making it adequately long isn’t enough to enjoy peace of mind. Not all passphrases are made equal, and hackers performing “dictionary attacks” can possibly crack longer passphrases pretty easily, as long as some specific criteria are met.

According to the latest FBI advice (based on NIST recommendations), users should pick words that are entirely unrelated. If you have trouble coming up with something like that, there are online passphrase generators that can help you. Just be careful not to set too many words making the passphrase hard to remember for you too. FBI says that you should aim for a minimum of 15 characters, so something with even three words would be enough. Ideally, pick a passphrase with four words as they are still easy to remember and the entropy will increase exponentially.



How to Watch Formula 1 Without Cable in 2021: Live Stream F1 Grand Prix Anywhere!

The 2021 Formula 1 World Championship is nearly underway, and we're excited to see the big names on the circuit once more,...

How to Watch Floyd Mayweather Vs. Logan Paul: Live Stream, Fight Date

Boxing legend Floyd Mayweather makes his return to the ring on June 06 to take on famous YouTuber Logan Paul in a...

Google Finds a Way Out of the Deadlock for YouTube TV on Roku

Google is offering a workaround for Roku users who suddenly got locked out of the YouTube TV app.The tech giant is incorporating...