    Stop resetting your passwords, says UK govt's spy network


    1. #1
      Scubbie (Sky User Moderator)
      Exchange: 02392
      Broadband ISP: Sky Fibre Unlimited
      Router: Sky Q Hub ER110
      Sky TV: Sky+HD box
      Join Date
      Mar 2010
      Location
      Near Portsmouth
      Posts
      28,200
      Thanks
      842
      Thanked 2,223 Times in 2,092 Posts

      Stop resetting your passwords, says UK govt's spy network
      No, seriously, it's a bad idea. Honestly

      The UK government has, on World Password Day, repeated its advice against the common security practice of routinely changing passwords.

      "In 2015, we explicitly advised against [the practice]," a post by GCHQ's Communications-Electronics Security Group (CESG) notes. "This article explains why we made this unexpected recommendation, and why we think it’s the right way forward."

      As tech advice goes, this is one that people will actually want to hear, and the CESG has put out a 16-page document [PDF] called "Simplifying Your Approach" that explains what you should do to get your information secure without driving your users crazy.

      The idea behind automatically and regularly resetting your password is pretty obvious: it makes historical password information useless; it forces users to periodically think about security; it increases the likelihood that people will use a password they do not use for other services; and it creates more of a moving target for potential hackers.

      Hang on, why is it a bad idea again?

      "The problem is that this doesn’t take into account the inconvenience to users – the ‘usability costs’ – of forcing users to frequently change their passwords," says CESG. "The majority of password policies force us to use passwords that we find hard to remember."

      The problem is our rubbish brains, the organization reveals: "While we can manage this for a handful of passwords, we can’t do this for the dozens of passwords we now use in our online lives."

      The result, according to CESG, is that we are more likely to write our password down. Or forget the password altogether, forcing service desks to reset them, chewing up time and resources.

      Skeptics


      As a result, CESG "now recommend organisations do not force regular password expiry." Instead, it says, companies should introduce system monitoring tools such as showing a user the last time they logged in to flag if someone else is using their account.

      Although users are likely to love this new advice, sysadmins are likely to be a little more skeptical – especially as they are the ones who see what sorts of mind-numbingly easy passwords people choose, and the fact that huge numbers of people will use the same one or two passwords for everything from their work system login to Twitter to whatever online form they fill in to win some free gift (spoiler: you won't win but someone will be celebrating – the miscreant who gets to sell your personal data).

      As for CESG, we cannot think of a single reason why the organization, which is part of the UK's spying organization GCHQ, would benefit from people not updating their passwords.

      It is inconceivable that an organization trusted with making citizens safer would ever wish to be able to monitor those same citizens. And, we'd be hard pushed to think of a single time in which GCHQ has not been completely upfront and honest about its activities and its methods.

      So if you trust the security services with your passwords – and who out there doesn't? – then you'd be crazy not to give this recommendation serious consideration.
      Comment: Hmmm... having cross-posted an article earlier today regarding various email accounts being hacked, it's important to ensure that your passwords are safe.


    3. #2
      speedyrite (Sky User Member)
      Exchange: MYHGT
      Broadband ISP: NOW Broadband
      Router: NOW TV Hub Two
      Sky TV: NOW TV
      Join Date
      Sep 2006
      Posts
      2,357
      Thanks
      375
      Thanked 160 Times in 154 Posts
      Blog Entries
      1

      Re: Stop resetting your passwords, says UK govt's spy network

      That CESG advice seems to contradict the security policy of every organisation that I have ever worked for over the past 35 years! So it must be correct...
      ++ speedyrite ... powered by NOW Broadband from June 2018 ++
      (previously powered by Sky Broadband from July 2007)

    4. #3
      pete.i (Sky User Member)
      Exchange: 01757
      Broadband ISP: Sky Fibre Unlimited
      Router: Sagem F@ST 2504
      Sky TV: Freesat/etc
      Join Date
      Jun 2007
      Posts
      371
      Thanks
      2
      Thanked 8 Times in 8 Posts

      Re: Stop resetting your passwords, says UK govt's spy network

      It also makes it far easier for Big Brother to keep an eye on you and me, although I'm sure that fact isn't lost on discerning readers.

    5. #4
      Scubbie (Sky User Moderator)
      Exchange: 02392
      Broadband ISP: Sky Fibre Unlimited
      Router: Sky Q Hub ER110
      Sky TV: Sky+HD box
      Join Date
      Mar 2010
      Location
      Near Portsmouth
      Posts
      28,200
      Thanks
      842
      Thanked 2,223 Times in 2,092 Posts

      Re: Stop resetting your passwords, says UK govt's spy network

      The best advice I can suggest is to pick a theme.

      One common theme is pet names. Of course you can choose an entirely different theme of your liking and hopefully one that is harder to work out.

      So using the theme you might have the name "tibbles". You can then change the "i" for a 1 and the "s" for a 5, making your password 't1bble5'.

      Next month you could pick "rover", changing the 'o' to a '0', making 'r0ver'. ...and so on.

      Yes these examples might be a little short for many systems now. Often you need at least 8 characters and a mix of both upper and lower case, but I think people can get the idea from this. Of course you could simply add the year you got rover.

      Sky Fibre Unlimited Pro: Connected at 80,000 kbps / 20,000 kbps
      Previous ADSL2+ Speed 19999 kbps 1153 kbps, Line Attenuation 17.5 db 6.9 db, Noise Margin 7.5 dB 8.7 dB
      Speedtest: 17.15MB/s 0.97Mb/s Ping 31 ms
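
How a service's password-setting check can treat passwords built this way, as an added example that is not part of the original thread: it undoes common character substitutions and strips appended digits before comparing against a deny list. The deny list, substitution table and function names are constructed for illustration; the 8-character minimum is the figure mentioned in the post.

```python
import re

# Constructed sample deny list. A real deployment would load a large list of
# common passwords, names and dictionary words instead.
DENY_WORDS = {"tibbles", "rover", "password", "letmein"}

# Common character substitutions, mapped back to the letters they stand for.
LEET = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a",
                      "5": "s", "7": "t", "@": "a", "$": "s", "!": "i"})

MIN_LENGTH = 8  # minimum length mentioned in the post


def strip_affixes(candidate):
    """Remove leading/trailing digits and symbols, e.g. an appended year."""
    return re.sub(r"^[\W\d_]+|[\W\d_]+$", "", candidate)


def base_forms(password):
    """Return the lower-case words this password may have been derived from."""
    lowered = password.lower()
    stripped = strip_affixes(lowered)
    return {lowered, stripped,
            lowered.translate(LEET), stripped.translate(LEET)}


def check_password(password):
    """Return a list of reasons to reject the password (empty if accepted)."""
    reasons = []
    if len(password) < MIN_LENGTH:
        reasons.append("shorter than %d characters" % MIN_LENGTH)
    hits = sorted(base_forms(password) & DENY_WORDS)
    if hits:
        reasons.append("derived from deny-listed word: " + ", ".join(hits))
    return reasons


if __name__ == "__main__":
    # Constructed sample inputs, including the examples from the post.
    for pw in ("t1bble5", "r0ver", "r0ver2015", "quiet-lantern-orbit-47"):
        print(pw, "->", check_password(pw) or "accepted")
```
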

     

     
