Although it is mainly known for snooping on communications networks in the nation’s interest, the UK intelligence agency GCHQ is now giving data protection advice for choosing your online passwords.
The tips include urging individual users and organisations alike to stop using complex passwords and switch to simple rubrics and password managers.
The activities of the agency have been common knowledge for years, but they recently had the spotlight shone on them when the leaked data in the Snowden files became public.
Now GCHQ and the Centre for the Protection of National Infrastructure have released a report called “Password guidance: simplifying your approach.” The report recommends an end to complex passwords and a switch to ones made up of three random words.
Other suggested practices include using password managers and systems that can detect unauthorised activity.
Director general of cyber security for GCHQ Ciaran Martin said: “Complex passwords do not usually frustrate attackers, yet they make daily life much harder for users.”
The new advice has been greeted with scepticism in some quarters, with counter suggestions that GCHQ’s advocacy of password managers may indicate they are used as backdoors into products.
The report itself contains the warning that “like any piece of security software, they are not impregnable and are an attractive target.”
Higher levels of security needed for administrators and remote workers should be based on
two-factor authentication methods, according to GCHQ.
For more casual users, the report suggests a common sense approach such as “all default vendor-supplied passwords that come with any system or software should be changed before deployment”, along with advice to “never allow password-sharing between users.”
Nigel Hawthorn from security company Skyhigh Networks commented: “The security industry is awash with password advice, but much of it is contradictory or simply not suited to modern working. The result – passwords still puzzle many. GCHQ’s latest advice is refreshingly to the point and covers some of the most pressing issues facing UK businesses and employees today.”