Complex passwords do little to reduce the risks of people being hacked by cyber-attackers, Britain's security services have warned as they advised businesses to simplify their approach.
CESG, the Information Security arm of GCHQ, has said complicated passwords do not "frustrate attackers" but actually just make life "more complicated" for users of technology.
The advice suggests people who have been going out of their way to create more complicated passwords may be inadvertently leaving themselves more exposed.
"Password guidance - including previous CESG guidance - has encouraged system owners to adopt the approach that complex passwords are ‘stronger’,” the guidance reads.
“What a lot of people will do is simply write that password down."
Raj Samani
“However, complex passwords do not usually frustrate attackers, yet they make daily life much harder for users. They create cost, cause delays, and may force users to adopt workarounds or non-secure alternatives that increase risk.
It went on: “This guidance … advocates a dramatic simplification of the current approach at a system level, rather than asking users to recall unnecessarily complicated passwords."
No comments:
Post a Comment