Magid: Ditch that password in favor of a ‘passphrase’

February 28, 2020

There has been some re-thinking among security experts over what constitutes a good password and how often — if ever — you should change your passwords. Even the word “password” is being morphed into “passphrase.”

Larry Magid 

Experts have always agreed that it’s a bad idea to use a simple password like “password” or the name of your dog, and that you should avoid using the same password on multiple sites. Simple passwords – especially dictionary words – are easy for hackers and machines to guess and if you use the same password on different sites, a hack of one site could make all your other sites vulnerable.

There is also a long-held consensus that longer is better. Many sites require your password to be at least 8 characters long, but now many experts are saying it should be much longer.

Most experts also agree that it’s a good idea to include symbols along with at least one or two uppercase letters and a number or two.  But, the FBI’s Oregon Field Office recently posted advice that suggests you use a passphrase instead of a password. Though their advice didn’t say that you should necessarily include symbols or numbers, I still think that’s generally a good idea.

Those smart enough to avoid simple passwords would often come up with complex ones but those can be hard to remember and, unless they’re long, they’re not necessarily as secure as you might hope. The current thinking from government security experts is that length is more important than complexity.

There was a time when people were advised to change their passwords every 6 or so months but, if you follow the advice below, the common consensus is that you don’t need to do that unless one of your sites was breached.

The Oregon FBI’s examples (please don’t use these verbatim) include a phrase such as “VoicesProtected2020WeAre” or “even better,” a passphrase that combines multiple unrelated words, such as “DirectorMonthLearnTruck.”

One thing they didn’t say was how you might vary this passphrase so that you could use a version of it on multiple sites. My recommendation is to add a string of characters that are unique to each site or app. I won’t suggest examples but figure out a way to scramble the spelling of the name of the site (or a portion of it) to add to the passphrase so that if a person or machine does get one of your passphrases, they can’t get into all of your accounts.

The FBI’s suggestions are based on advice from the National Institute of Standards and Technology (NIST), which in a long and rather technical post, aimed at people who develop password verification schemes, outlined some of the concerns with previous password recommendations.

For example, it’s long been assumed that your passwords should be complex and hard to guess. While being hard to guess is a good recommendation, a single password that is hard to guess might also be hard to remember, or, if it contains special characters, might be rejected by some sites. “Users also express frustration when attempts to create complex passwords are rejected by online services. Many services reject passwords with spaces and various special characters,” said the report.

The rejection of some special characters is a pet peeve of mine. I use a certain symbol in some of my passwords and – while most sites accept that symbol — there is one I use that doesn’t. Many sites don’t accept spaces which would make sense to use in a phrase, though I don’t have much problem simply using the words in the phrase and leaving out the spaces.

Advice for site operators

Both NIST and the FBI have advice for site and app operators, urging them to accept longer passphrases with whatever characters the user wants to include.

NIST rather firmly recommends that verification systems “SHALL require subscriber-chosen memorized secrets to be at least 8 characters in length. Verifiers SHOULD permit subscriber-chosen memorized secrets at least 64 characters in length.” And, based on NIST’s recommendations, the Oregon FBI suggests that site and app operators require everyone to use longer passwords or passphrases of 15 or more characters without requiring uppercase, lowercase, or special characters. NIST also suggests that operators only require password changes when there’s a reason to believe their network has been compromised. They advise that services don’t lock a user’s account after a certain number of incorrect login attempts and that they don’t allow password hints. This advice is all new and at least partially contrary to the way most sites currently operate.
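The length rules above can be put side by side with an older composition-rule policy. The following is an added example, not code from NIST, the FBI or the author; the "legacy" rule set, the function names and the 128-character upper limit are assumptions made for illustration.

```python
import re

NIST_MIN_LENGTH = 8      # NIST floor quoted in the article
FBI_MIN_LENGTH = 15      # Oregon FBI suggestion quoted in the article
MUST_PERMIT = 64         # NIST: verifiers should permit at least this many

# Constructed "legacy" checks for contrast: forced character mix, no spaces.
LEGACY_RULES = [
    ("no uppercase letter", lambda s: re.search(r"[A-Z]", s)),
    ("no lowercase letter", lambda s: re.search(r"[a-z]", s)),
    ("no digit", lambda s: re.search(r"\d", s)),
    ("no symbol", lambda s: re.search(r"[^A-Za-z0-9\s]", s)),
    ("contains a space", lambda s: not re.search(r"\s", s)),
]


def legacy_policy(secret):
    """Return the reasons a composition-rule policy rejects the secret."""
    problems = [] if len(secret) >= 8 else ["shorter than 8 characters"]
    problems += [reason for reason, ok in LEGACY_RULES if not ok(secret)]
    return problems


def length_policy(secret, min_length=FBI_MIN_LENGTH, max_length=128):
    """Return the reasons a length-first policy rejects the secret.

    Any character, including spaces, is accepted; max_length=128 is an
    assumed operator setting, not a figure from the article.
    """
    if min_length < NIST_MIN_LENGTH or max_length < MUST_PERMIT:
        raise ValueError("policy is weaker than the NIST figures quoted above")
    problems = []
    if len(secret) < min_length:
        problems.append(f"shorter than {min_length} characters")
    if len(secret) > max_length:
        problems.append(f"longer than {max_length} characters")
    return problems


# Constructed samples; the two CamelCase phrases are the FBI examples from the article.
SAMPLES = ["P@ssw0rd", "DirectorMonthLearnTruck",
           "VoicesProtected2020WeAre", "director month learn truck"]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(f"{sample!r}: legacy={legacy_policy(sample) or 'accepted'}, "
              f"length-first={length_policy(sample) or 'accepted'}")
```

The short, symbol-laden sample satisfies the legacy rules but fails the 15-character minimum, while both FBI example phrases are turned away by the legacy rules and accepted by the length-first policy.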

Other forms of protection

In addition to strong, long and unique passphrases, another protection is dual-factor authentication such as having to enter a code sent to your phone via SMS (or email in some cases) if you try to access a site from a device or browser that you haven’t used before. This isn’t perfect, but it does offer protection if someone else tries to get into your account because, chances are, they won’t have access to your device or email to be able to retrieve that code.  Many financial institutions require you to use dual factor authentication and many sites and apps, including those operated by Google, Facebook, Twitter, Apple and Microsoft, make it optional.

Another tool is a password manager like LastPass or RoboForm, which store your passwords and enter them for you. I use one and think they’re great. But as the Oregon FBI points out, “The downside of using a password keeper program is that if an attacker cracks your vault password, then he or she knows all of your passwords for all of your accounts.” Still, the FBI points out that “many IT professionals agree, the benefit of a password keeper program far outweighs this risk.” If you use a password manager, make sure that it has a very secure passphrase that you can remember.

Perhaps the best level of protection, though not necessarily convenient in all cases, is a physical key such as the YubiKey from Yubico. This is a small device that you can put on a keychain and insert into the USB port of a computer or data/charging port of a phone to verify your identity. Not all sites and apps work with Yubico but a growing number do. Keys vary in price depending on the device they’re used for, ranging between $20 and $69.

Finally, consider biometrics. Many phones and computers allow you to use a fingerprint or facial recognition to access your device along with an optional password or PIN. Most Windows computers, for example, have built-in cameras that can recognize your face. While no form of protection is foolproof, biometrics are quite secure and, usually, very convenient. There are times when my Windows PC fails to recognize my face, so I type in my PIN # or password, but for the most part, it knows who I am and welcomes me in when I smile at the camera.

Larry Magid is a tech journalist and internet safety activist.

Published at Thu, 27 Feb 2020 13:00:57 +0000
