Britain’s security services have now said that we may be safer from hackers if we don’t keep changing passwords.
Whoa, just hold on a second – I thought it was a security risk to stick with one password for everything and never change it?
Well apparently not, it turns out.
According to the Daily Mail, in a new government briefing to power stations, banks and the public sector, cyber experts at CESG, the information security arm of intelligence agency GCHQ, have revealed:
It’s one of those counter-intuitive security scenarios – the more often users are forced to change passwords, the greater the overall vulnerability to attack.
Okay, so what is all the crap about changing your passwords more times than you change your pants in order to stay safe?
Anyway, the advice continues:
Most password policies insist that we have to keep changing them. And when forced to change one, the chances are that the new password will be similar to the old one.
Apparently attackers can exploit this: new passwords are more likely to be forgotten, which leads to users being locked out, and that in turn gives hackers an opportunity to strike.
And, as a result, CESG now recommends organisations do not force regular password expiry.
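The similar-password failure mode the briefing describes is something an organisation that still rotates passwords can at least detect at change time. The following Python is an added example, not code from the article or from CESG: a check that rejects a new password which is a predictable variant of the old one (same core word once leading and trailing digits, years and leet-speak are stripped, one core contained in the other, or a near-identical string). The LEET table, the 0.8 similarity threshold and the sample passwords are my own assumptions.

```python
import re
from difflib import SequenceMatcher

# Substitutions users make when they "change" a password without really changing it
# (assumed table, not from the article)
LEET = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a", "5": "s",
                      "7": "t", "@": "a", "$": "s", "!": "i"})
EDGE_NOISE = r"^[\W\d_]+|[\W\d_]+$"   # leading/trailing digits, years, punctuation


def normalise(pw: str) -> str:
    """Reduce a password to its memorable core: lowercase, drop the digits and
    symbols bolted on at either end, then undo leet-speak substitutions."""
    core = re.sub(EDGE_NOISE, "", pw.lower())
    return core.translate(LEET)


def is_trivial_variant(old: str, new: str, threshold: float = 0.8) -> bool:
    """True when the new password is a predictable mutation of the old one:
    same core word, one core contains the other, or the raw strings are
    near-identical (the 0.8 ratio is an assumed policy value)."""
    if old == new:
        return True
    a, b = normalise(old), normalise(new)
    if a and b:
        if a == b:
            return True
        if min(len(a), len(b)) >= 4 and (a in b or b in a):
            return True
    # Catch-all for single-character tweaks the core comparison misses
    return SequenceMatcher(None, old.lower(), new.lower()).ratio() >= threshold


def check_change(old: str, new: str) -> tuple[bool, str]:
    """Policy hook for a password-change handler: accept, or explain the rejection."""
    if is_trivial_variant(old, new):
        return False, "new password is a predictable variant of the old one"
    return True, "ok"


if __name__ == "__main__":
    # Constructed sample changes; the last one is a genuine change and should pass
    for old, new in [("Password1", "Password2"), ("Winter2016", "Winter2017"),
                     ("Tr0ub4dor&3", "correct horse battery staple")]:
        print(f"{old!r} -> {new!r}: {check_change(old, new)}")
```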
The advice comes as ministers urge greater protection against cyber crime, after a survey found two-thirds of large businesses suffered an attack or security breach in the past year.
It’s also great news for me as I only have the capacity to retain one password at the best of times – let alone when I’m trying to make an impulse eBay purchase at two in the morning.