Pick Perfect Passwords
GCHQ has published new password guidance designed to "improve security, while improving usability of systems."
16:28 14 September 2015
Following the incident in which hackers were able to decode more than 11 million encrypted passwords from the Ashley Madison website, a UK government agency has released fresh guidance on how to pick the best passwords.
Contrary to popular belief, complex passwords are not ideal. According to the report released by GCHQ, these passwords are counterproductive because users tend to write them down or reuse the same one on many websites.
"Talking about a good password suggests that choosing a long or complex password offers better protection. That is not necessarily the case," said Dr Steven Murdoch from the Department of Computer Science at University College London.
"Secure systems should not just rely on a single password, but have additional technical controls which the system owner can use to detect abnormal behaviour and protect the user's account."
Using symbols and punctuation is also a nuisance for people using mobile devices.
"Complex passwords are hard to type on touchscreens, since you have to toggle between keyboards," said Dr Angela Sasse, UCL's head of information security research.
She added: "Never reuse important passwords (like for online banking) on other websites.
"Not all websites protect their passwords properly, or your password may be captured by malware. Use unique passwords with a password manager to keep track of them."