For years it has been common practice to regularly change the passwords you use for key logins. Users have been repeatedly encouraged to come up with unique variations in an attempt to help keep cyber criminals at bay and to safeguard against hacking. But, in what some people are finding a confusing turnaround, the UK government has now repeated advice against doing exactly this, claiming instead that it plays directly into the hands of those you are trying to protect against.
Although potentially confusing, the advice is entirely right: in many instances, frequently changing your passwords appears to be as damaging as not changing them at all. The advice has come from the UK Intelligence Agency, Communications-Electronics Security Group (CESG), who effectively work as the government’s cyber security experts. They reiterated the message this month on World Password Day.
The CESG has cited what it calls ‘the usability costs’ of such a regime. In other words, people are being inconvenienced by the demand to frequently change their passwords and are resorting to measures that make little to no difference. Changing only a few characters of your previous password will not have the desired effect, and anything too elaborate risks being written down so that it can be remembered. This is the crucial point, as a hard copy of your password defeats the object of the exercise, and would mean instant access to potentially harmful sources should it fall into the wrong hands.
There are several tools that can help mitigate the risks the CESG has raised. One such option is password management software, such as LastPass. This particular tool stores your password information, auto-fills forms on your behalf and offers random password generation. This combination not only creates complex passwords for you but also keeps them safe. The security involved makes them difficult to hack and keeps your important login data protected.
Implementing two-factor authentication across your internet usage is another way to reduce the risk of being hacked. Google Authenticator is another available tool, one that generates 2-step verification codes on your phone and adds an additional layer of security to combine with your password. Another common method is the use of a designated token system that offers a similar service, as well as a ‘text back’ facility. HMRC is currently running this particular version, texting 6-digit codes back to users that are then combined with a password for entry or confirmation of a service.
As with all aspects of cyber-security, the solution to staying safe isn’t always a drastic change. Yes, regularly changing your password can lead to complacency, and if you find yourself having to write down a password, or if you are only changing a couple of characters, then it isn’t working. But by utilising tools such as Google Authenticator and LastPass, you can remain safer without any real overhaul of how you manage your passwords.
If you need any information or guidance regarding staying safe online, please get in touch on 0844 586 0040 or complete our contact form.