    FBI Password Guidelines

    Password (French “parole” – word) – a prearranged word or set of characters used to confirm identity or authority. Passwords are often used to protect information from unauthorized access. On most computing systems, the username-password combination is used to authenticate the user.

    Sooner or later, we all think about the security of our data on the Internet and ask whether the Internet is safe at all. Passwords are a means of protection against strangers, and our security depends on how complex a password we come up with. The FBI recommends switching from short complex passwords to simple passphrases.

    This week, the Portland FBI office recommended using long passwords made of simple words instead of short and complex passwords. The recommendations were generated through technical consultations. A short password consisting of upper- and lower-case letters, numbers and special characters is extremely difficult for most users to remember. A passphrase made of simple words, on the contrary, is easy for a person to remember thanks to associative thinking.

    The United States National Institute of Standards and Technology (NIST) issued similar recommendations back in 2017. According to these recommendations, sites were to provide password fields up to 64 characters long, and users were advised to use passphrases instead of complex passwords. In November 2019, a similar recommendation was included in security advice from the U.S. Department of Homeland Security (DHS).

    The FBI recommendation suggests using a few simple words in a string of at least 15 characters. “The extra length of the passphrase makes hacking difficult and also makes it easier to remember.” Cracking a passphrase, even one made of simple words, takes much more time than cracking an extremely complex but short password. This is also confirmed by academic studies, the results of which were published in 2015: “the effect of increasing the length exceeds the effect of expanding the alphabet [adding complexity]”.

    An XKCD comic on the topic of passphrases appeared seven or eight years ago. Later, a site was even opened to generate passphrases in the style of this comic. In addition, there are open source libraries that let services and applications generate passphrases automatically. But none of this makes sense unless users consciously begin to use passphrases instead of short complex passwords or combinations such as “12345”, which have also not yet died out.
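
    The length-versus-alphabet effect and automatic passphrase generation described above, as an added example that is not taken from the FBI, NIST or any library mentioned here. The 16-word list is constructed for the demo, the 7776-word list size is an assumed value for a large word list, and the bit counts hold only when every character or word is chosen uniformly at random.

```python
import math
import secrets

# Constructed 16-word sample list so the block runs offline (assumption).
# Far too small for real use: load a list of several thousand words instead.
SAMPLE_WORDS = ("river", "candle", "orbit", "maple", "tunnel", "copper",
                "window", "harbor", "lemon", "socket", "meadow", "pencil",
                "radio", "velvet", "anchor", "bridge")
MIN_LENGTH = 15  # minimum passphrase length from the FBI recommendation


def generate_passphrase(words=SAMPLE_WORDS, n_words=4, sep="-",
                        min_length=MIN_LENGTH):
    """Draw words uniformly with a CSPRNG; add words until min_length is met."""
    if len(set(words)) < 2:
        raise ValueError("word list needs at least two distinct words")
    chosen = [secrets.choice(words) for _ in range(n_words)]
    while len(sep.join(chosen)) < min_length:
        chosen.append(secrets.choice(words))
    return sep.join(chosen)


def random_string_bits(alphabet_size, length):
    """Entropy in bits of `length` symbols drawn uniformly and independently."""
    return length * math.log2(alphabet_size)


def passphrase_bits(list_size, n_words):
    """A passphrase's strength comes from word count and list size,
    not from its character count: an attacker guesses whole words."""
    return random_string_bits(list_size, n_words)


if __name__ == "__main__":
    print("example passphrase:", generate_passphrase())
    rows = [("8 chars, lowercase (26)", random_string_bits(26, 8)),
            ("8 chars, printable ASCII (94)", random_string_bits(94, 8)),
            ("16 chars, lowercase (26)", random_string_bits(26, 16)),
            ("5 words from a 7776-word list", passphrase_bits(7776, 5))]
    for label, bits in rows:
        print(f"{label:32s} {bits:5.1f} bits")
```

    Doubling the length of a lowercase-only string adds more bits than widening an 8-character string from 26 to 94 symbols, which is the effect the 2015 studies describe.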

    Conclusion: follow the rules for working with passwords and be sure to store them in dedicated programs; this makes the work of hackers harder.