Long passwords won’t keep you safe warn security services

Follow¹

Complex passwords do little to reduce the risks of people being hacked by cyber-attackers, Britain’s security services have warned as they advised businesses to simplify their approach.

CESG, the Information Security arm of GCHQ,² has said complicated passwords do not “frustrate attackers” but actually just make life “more complicated” for users of technology.

embedded content

The advice suggests people who have been going out of their way to create more complicated passwords may be inadvertently leaving themselves more exposed.³

“Password guidance – including previous CESG guidance – has encouraged system owners to adopt the approach that complex passwords are stronger , the guidance reads.

What a lot of people will do is simply write that password down.” Raj Samani

However, complex passwords do not usually frustrate attackers, yet they make daily life much harder for users . They create cost, cause delays, and may force users to adopt workarounds or non-secure alternatives that increase risk.

It went on: This guidance advocates a dramatic simplification of the current approach at a system level, rather than asking users to recall unnecessarily complicated passwords.”

Cabinet ministers’ email hacked by Isil spies⁴

The move is part of the government s drive to ensure businesses are better protected from cyber-attacks amid increasing concern the country s infrastructure is exposed.

David Cameron has prioritised cyber-security since taking office in 2010 in a drive that has seen British and American intelligence officials war-game potential attacks.

The idea security can be increased by simplifying password procedures will be welcomed by people across Britain who have become accustomed many different codes for different accounts.

Suggesting protection can be improved by simplifying password may raise eyebrows, but Raj Samani, a chief technology officer at Intel Security, explained the rationale.

By having complex passwords individuals would find methods to remember them and those mechanisms could lead to security vulnerability, he told The Telegraph.

What a lot of people will do is simply write that password down . We have lots of examples of computer hackers who will try to extract that information by manipulation.

PayPal wants to implant passwords in your stomach and your brain⁵

There have been a series of high profile embarrassments in recent years where passwords written down in offices have become public after being seen on live TV.

During a recent Super Bowl, one of America s biggest sporting events, the credentials for the stadium s wireless network were accidently displayed on television.

The WiFi code had been reserved for press and other services at the stadium but being soon was shared on social media, available for free to thousands of people attending the match.

In another incident, the passwords to the social media accounts of TV5 Monde, a French television channel, were accidently exposed when a reporter was interviewed during a broadcast .

They had been written on sticky notes that were visible in the shot.

telegraph.co.uk⁶

Follow @telegraph⁷ How we moderate⁸

References

1. ^{^} Follow (twitter.com)
2. ^{^} CESG, the Information Security arm of GCHQ, (www.telegraph.co.uk)
3. ^{^} complicated passwords may be inadvertently leaving themselves more exposed. (www.telegraph.co.uk)
4. ^{^} Cabinet ministers’ email hacked by Isil spies (www.telegraph.co.uk)
5. ^{^} PayPal wants to implant passwords in your stomach and your brain (www.telegraph.co.uk)
6. ^{^} telegraph.co.uk (www.facebook.com)
7. ^{^} Follow @telegraph (twitter.com)
8. ^{^} How we moderate (my.telegraph.co.uk)

The post Long passwords won’t keep you safe warn security services appeared first on News4Security.