
    You Can't Handle It: UK Spy Agency Tells Public to Stop Resetting Passwords


    Fed up with being forced to use a password for almost everything you do online? Even worse, repeatedly told to reset them and then forgetting them again? Well, the UK Government's Communications Headquarters (GCHQ) has used a day dedicated to passwords to tell people not to bother changing them.

    World Password Day and its accompanying website offer a "pep talk" on passwords from an elderly woman called Betty.

    "Don't let hackers ruin your game. It's time for a sit down with Betty," the website states.

    Quick to rain on Betty's parade, GCHQ decided to use World Password Day to once again tell people not to bother resetting their passwords — while Betty was trying to help people be more secure online.

    "Betty has some gentle advice to get you on your way to a more secure online life."

    A post by GCHQ's Communications Electronics Security Group (CESG) said: "In 2015, we explicitly advised against it [resetting passwords].

    "Let's consider how we might limit the harm from an attacker who knows a user's password." The post then explains why policies forcing a person to change legitimate passwords are a waste of time and an "inconvenience to users."

    "Our passwords have to be as long as possible and as 'random' as possible. And while we can manage this for a handful of passwords, we can't do this for the dozens of passwords we now use in our online lives."

    GCHQ doesn't think the public can handle having too many passwords: people won't remember them, and this "makes matters worse."

    According to GCHQ, the more times you forget your password and have to get it reset by a service desk, the more vulnerable you are to an attack.

    "The chances are that the new password will be similar to the old one" and "attackers can exploit this weakness."

    "What appeared to be a perfectly sensible, long-established piece of advice doesn't, it turns out, stand up to a rigorous, whole system analysis."

    To make it simpler to understand, the CESG has issued a guide, "Simplifying Your Approach," which explains how to make your information more secure online in a handy 16-page PDF document.

    But it might be easier to sit down with Betty for some "gentle advice" instead.
