Internet-savvy people have spent their whole web-based lives regarding password security as the only defense between them and someone stealing their identity. Over the years, books have been written to explain how to maintain one’s online security. One of the most common methods is to create unique and difficult-to-guess passwords to keep all of your secrets safe. But now a UK spying agency is telling you to stop being so secure.
“PASSWORD GUIDANCE: SIMPLIFYING YOUR APPROACH”
The UK’s spying agency, GCHQ, has created a brand new document that tackles password security in a modern day internet environment. This document is titled ‘Password guidance: simplifying your approach’. In it, the spying agency gives readers a lot of tips to keep their passwords safe in today’s online environment.
“The death of the password was predicted some ten years ago,” says GCHQ in the document. And to be honest, they really aren’t too far off from the truth. Passwords have many vulnerabilities. Let’s say you follow one general rule of thumb: create a unique password for every account you have. If you have 50 accounts out there that are all linked to your email address, and your email address gets hacked, then you suddenly find yourself in a predicament. Do you really want to go searching through 50 websites to find out how to change the password for all of those sites? The answer is probably no.
It’s one of the reasons why Apple and many other cell phone manufacturers have begun using fingerprint scanners as a way of logging into your phone (among other things).
THE NEW GUIDELINES FOR PASSWORDS
According to the spying agency’s new guidelines, hackers can discover passwords using many techniques that are “freely available.” These techniques include phishing, manual password guessing, ‘shoulder surfing’, keyloggers, brute-force attacks, and many more. The new document suggests just seven simple tips.
Most of these tips are still based on common sense. The first tip is to change default passwords. Another is that it’s (probably) totally fine to use a password manager. Also, don’t store passwords as plain text. Many of the other techniques are geared more towards the IT crowd, such as not requiring passwords to get into areas that don’t need security, or using protective monitoring.
KEEP PASSWORDS SIMPLE, STUPID
All of the above tricks are fine and dandy, but one piece of advice revolves around using passwords that are easy to remember, such as three simple words, rather than difficult ones. The idea is that a company should have its infrastructure set up to be more secure, so that security doesn’t fall upon an individual user keeping track of a hundred different passwords that are hard to remember.
It all sounds a little suspect when you think about the fact that it’s already been found out that GCHQ has been attacking security services used by British citizens in order to conduct surveillance. Would you really take password security advice from someone like that?