Belfast Telegraph

UK Website Of The Year

UK spy agency GCHQ: Stop using difficult-to-guess passwords

Published 15/09/2015

GCHQ: Complex passwords do not usually frustrate attackers, yet they make daily life much harder for users
GCHQ: Complex passwords do not usually frustrate attackers, yet they make daily life much harder for users

UK spying agency GCHQ, found to have been conducting wholesale surveillance on UK citizens, has recommended that the public make their passwords less complex.

In a document called ‘Password guidance: simplifying your approach’, the company gives a range of guidelines to keep consumers safe. That includes rolling back previous guidance “that complex passwords are ‘stronger’” — instead recommending that people simplify their approach.

The agency gives a range of hints to those working in IT as well as normal consumers.

Those include warning people to change their default passwords, to make sure that accounts can be locked out if they’re under attack and avoid storing passwords as plain text files that can be read by anyone.

The agency also warns against the problems of “password overload”. That is what happens when people create too many complex and unmemorable passwords, which leads them to write them down or re-use them and so become unsafe.

Those complicated passwords are often the result of organisations imposing rules about the complexity of passwords — requiring that they are a certain length, for instance, or include special characters. But instead companies should just create more security rules, so that people can use their own, more simple passwords.

Read more

GCHQ may be spying on Northern Ireland Assembly members after policy change, claims Amnesty

NSA and GCHQ attacked antivirus software so that they could spy on people, leaks indicate

Stingray spy technology: fake mobile phone masts found operating in UK

Sim card maker Gemalto says it was hacked by GCHQ and NSA but claims encryption keys are safe

UK government rewrites surveillance law to get away with hacking and allow cyber attacks, campaigners claim  

Those simple passwords might be made up of just three simple words, for instance. Or users could sign up for password managers — software that generates and then stores the passwords so that are both complex and never have to be remembered.

“Software password managers can help users by generating, storing and even inputting passwords when required,” the report says. “However, like any piece of security software, they are not impregnable and are an attractive target for attackers.”

That second sentence might be of note to people looking to use the password — GCHQ itself has been found to have been attacking security services used by British citizens, in an attempt to make it more easy to conduct its surveillance and spying operations.


Independent News Service

Your Comments

COMMENT RULES: Comments that are judged to be defamatory, abusive or in bad taste are not acceptable and contributors who consistently fall below certain criteria will be permanently blacklisted. The moderator will not enter into debate with individual contributors and the moderator’s decision is final. It is Belfast Telegraph policy to close comments on court cases, tribunals and active legal investigations. We may also close comments on articles which are being targeted for abuse. Problems with commenting?

Read More