Security Industry Welcomes GCHQ Password Guidelines

Security industry representatives have welcomed GCHQ's publication of guidelines on business password policies, and say the policy covers some of the most pressing issues facing UK employees and businesses today.

Put together by the UK intelligence agency, the programme suggests that simplifying the approach to passwords will allow businesses to "reduce the workload on users, lessen the support burden on IT departments and combat the false sense of security that unnecessary complex passwords can encourage."

According to the guidelines users should not be forced to change their passwords on a regular basis, but should only do so if there is an indication or suspicion of a breach, as employees could end up choosing easy-to-remember passwords if they are required to change them often.

The guideline states that password strength meters should be banned and replaced with a list of predictable passwords and ones to avoid.

GCHQ also believes password managers are helpful but says they are also very risky.

The document says passwords should never be shared and organisations should only provide temporary access to data in an emergency.

print this article

Return to internet news headlines
View Internet News Archive

Share with: