FBI - Oregon
Emergency Messages as of 11:10 am, Thu. Mar. 28
No information currently posted.
Subscribe to receive FlashAlert messages from FBI - Oregon.
Primary email address for a new account:

  
And/or follow our FlashAlerts via Twitter

About FlashAlert on Twitter:

FlashAlert utilizes the free service Twitter to distribute emergency text messages. While you are welcome to register your cell phone text message address directly into the FlashAlert system, we recommend that you simply "follow" the FlashAlert account for FBI - Oregon by clicking on the link below and logging in to (or creating) your free Twitter account. Twitter sends messages out exceptionally fast thanks to arrangements they have made with the cell phone companies.

Click here to add FBI - Oregon to your Twitter account or create one.

@FBIPortland

Hide this Message


Manage my existing Subscription

News Release
TT_-_PV_passwords.jpg
TT_-_PV_passwords.jpg
Oregon FBI Tech Tuesday: Building a Digital Defense With Passwords (Photo) - 02/18/20

The FBI has launched the “Protected Voices” initiative to help 2020 political campaigns and American voters protect against online foreign influence operations and cyber security threats. The Protected Voices campaign includes information and guidance from the FBI, the Department of Homeland Security, and the Office of the Director of National Intelligence.

This FBI Portland Tech Tuesday report is adapted from the Protected Voices initiative with a focus on providing cyber security information to political campaigns as well as businesses and individuals in Oregon. More information on all aspects of the initiative, including video downloads, can be found at www.FBI.gov/ProtectedVoices.

(Audio)

Welcome to the Oregon FBI’s Tech Tuesday segment. This week: building a digital defense with passwords… or rather passphrases.

We all use passwords. We use them for our phones, our computers, our email, and just about every other kind of personal account.

Unfortunately, many of us use simple passwords, such as Password1 or 1234, because they’re easier to remember. Some of us even reuse the same simple password for multiple accounts. 

If you use a simple password or pattern of characters, it’s considerably easier for an adversary to crack. Many businesses and sites require that passwords include uppercase letters, lowercase letters, numbers, and special characters. However, recent guidance from the National Institute of Standards and Technology, or NIST, advises that password length is much more important than password complexity. 

Instead of using a short, complex password that is hard to remember… consider using a longer passphrase. This involves combining multiple words into a long string of at least 15 characters. The extra length of a passphrase makes it harder to crack while also making it easier for you to remember.

For example, a phrase such as VoicesProtected2020WeAre is a strong passphrase. Even better – a passphrase that combines multiple unrelated words such as “director month learn truck.”

Here are the recommendations from the National Institute of Standards and Technology (NIST) for your organization:

  • Require everyone to use longer passwords or passphrases of 15 or more characters without requiring uppercase, lowercase, or special characters.
  • Only require password changes when there’s a reason to believe your network has been compromised.
  • Have your network administrators screen everyone’s passwords against lists of dictionary words and passwords known to have been compromised.
  • To help prevent a denial of service attack against your email service, don’t lock a user’s account after a certain number of incorrect login attempts. That way, even if an adversary floods your network with purposefully incorrect login information, your users won’t be locked out of their accounts.
  • Don’t allow password “hints.”

Finally, some people use password keeper programs. These programs store all of your passwords in one place, sometimes called a vault. Some programs can even make strong passwords for you and keep track of them all in one location, so then the only password or passphrase you have to remember is the one for your vault.

The downside of using a password keeper program is that if an attacker cracks your vault password, then he or she knows all of your passwords for all of your accounts. But many IT professionals agree, the benefit of a password keeper program far outweighs this risk. A little research should help you get started. 

Remember your voice matters, so protect it. Go to www.FBI.gov/ProtectedVoices for more information.

###

View more news releases from FBI - Oregon.