When the government agency best known for spying on British citizens tells you to make your passwords ‘less complex’, you’d be forgiven for being…sceptical. There is some method to this madness, but here’s why – as always – you should take it with a pinch of salt!
Brit intelligence agency GCHQ – probably best known for spying on its own citizens – has come out with some new advice on passwords that kinda flies in the face of pretty much all the security advice you’ve heard before.
The standard practice for protecting your data has been to create long, strong, complex and unique passwords for all your accounts to make them harder to crack by those that want to get at your personal info.
But GCHQ says that as most attacks are down to things like phishing scams (attackers masquerade as trusted sources, convince you to click on links, then ask you to input all your personal data for them), having super complex passwords just means you’re more likely to re-use them, or write them down, ironically putting yourself at more risk. The report found that the average Brit has 22 passwords, which is way more than you’d ever be able to remember; I’m not gonna lie, I can barely remember this morning.
The document is called Password Guidance: Simplifying your Approach and offers a whole bunch of guidelines on how to keep yourself safe, with some sound advice like always changing sites’ ‘default’ passwords, ensuring accounts can be locked when under attack, and making sure passwords are encrypted.
One of the more controversial bits of the report is that you shouldn’t use long, complicated passwords as they’re too hard to remember, and you should use passphrases – passwords made up from several words – instead. However, our security arm Secarma say that in their opinion, that is potentially no safer than using a complex password: they’re often common dictionary words which means they’re not that hard to crack, and you still have to remember lots of passwords anyway!
They say that although no method is foolproof, password managers – which generate strong passwords then store them for you, so you only have to remember the password to that account – could be the way to go.
Having other security measures in place to monitor systems for unusual activity is also important, and two- or multi-factor authentication is becoming increasingly popular too. UKFast offers two-factor authentication for users in its MyUKFast client area.
Crucially, the report mentions the ‘false sense of security’ that passwords can create. It’s important to remember that no system is totally safe and you need to be monitoring yours, keeping an eye on bank statements, and generally staying vigilant to give yourself the best possible chance!