Building a Digital Defense with Passwords

The FBI’s Portland, Oregon office has published an advisory discussing password best practices for protecting yourself and your organization. The advisory also addresses common password mistakes, such as using overly simple passwords, which are easy to an adversary to hack, and reusing passwords, making it possible for a hacker who has obtained the credentials for one account to access others. The advisory advocates for longer, complex passwords that are hard to remember. This can involve combining multiple words into a long string of at least 15 characters. The extra length of a passphrase makes it harder to crack while also making it easier for you to remember. The advisory also references password recommendations from the National Institute for Standards and Technology (NIST), which include having network administrators screen everyone’s passwords against lists of dictionary words and passwords known to have been compromised as well as not allowing passwords “hints.” The advisory also touches on password manager programs. While it acknowledges that an attacker who cracks the program password knows the passwords for all of your accounts, it notes that many IT professionals agree that the benefits of such programs outweigh the risks. Read the advisory at the FBI.