Are long passphrases the answer to password problems?

Passphrases can be more secure than passwords, but there are limitations and hackers will eventually master cracking them.

NIST’s relatively new password recommendations, which includes not using long and complex passwords that are frequently changed, are turning the computer security world on its head. Many security practitioners simply refuse to believe the new advice.

I get it.

The new advice overturns decades of previous advice, from the same organization that that told us to trust the last 180-degree different advice, no less.

But times change. Hacking methods change. What used to stop the day’s most popular attacks no longer works quite as well. It should be expected that attackers moved on to other, more successful methods once passwords started to get harder to crack. Or are they?

To continue reading this article register now

Get the best of CSO ... delivered. Sign up for our FREE email newsletters!