The secret of how to create the best online passwords is out, courtesy of GCHQ, Britain’s technology super hackers.
GCHQ is the ultra-secure government online and telecommunications monitoring agency responsible for keeping track of millions of phone calls, emails and other online activity every day.
After a series of well-publicised hacks of sensitive personal information from banks, secure shopping portals and the controversial Ashley Madison dating web site, GCHQ published a guide to setting the most secure passwords for British government employees.
The suggestions go against advice dished out by online security firms and explain that picking the perfect password is a lot simpler, and the result easier to remember, than most people think.
“It’s a common fallacy that long, complicated passwords with upper case and lower case letters, numerals and symbols are the best protection against hackers,” said Dr Steven Murdoch from London University’s computer science department.
He explained that such passwords are often easier to expose because technology users have to write them down or note them in a file on their system to remember them.
“So once a hacker or thief has someone’s phone or is inside their operating system they are easy to crack,” said Murdoch.
GCHQ says resorting to symbols and punctuation within passwords makes them difficult to enter on touch screens because users have to switch between keyboards.
The agency also points out that studies show passwords are rarely cracked, but are most likely stolen in phishing attacks by malware or downloaded from databases.
Passphrases not passwords
The perfect password, says GCHQ, is a ‘passphrase’ like someone%ate%my%hat285.
“These are easier to remember and input to devices and less likely to be cracked by hackers,” said the GCHQ report.
“Other security that detects external attacks or abnormal tampering with the system is also another good line of defence against a hacker,” says GCHQ.
The agency also flies in the face of other common technical wisdom that suggests regularly changing passwords as damage control for lost or leaked data.
“Our experience shows that this leads to incremental passwords that are easy to break, like changing gchqworker1 to gchqworker2,” says GCHQ.
“Users tend to access different devices and apps with the same password because they run out of new ones. These are often cracked within minutes and add no value to expensive-to-implement security procedures.”
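The incremental pattern GCHQ describes (gchqworker1 becoming gchqworker2) can be caught at the moment a password is changed. The following is an added example, not code from GCHQ or its guidance; the function names are hypothetical, and it assumes the change form collects the current password alongside the new one so both can be compared before hashing.

```python
import re

def split_counter(password):
    """Split into (case-folded stem, trailing digits): 'gchqworker1' -> ('gchqworker', '1')."""
    m = re.fullmatch(r"(.*?)(\d*)", password, flags=re.DOTALL)
    return m.group(1).casefold(), m.group(2)

def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify_change(old, new, max_distance=2):
    """Return 'unchanged', 'counter-bump', 'near-duplicate' or 'ok' for a password change."""
    if old.casefold() == new.casefold():
        return "unchanged"            # only the letter case differs, or nothing at all
    old_stem, _ = split_counter(old)
    new_stem, _ = split_counter(new)
    if old_stem and old_stem == new_stem:
        return "counter-bump"         # same stem, only the trailing number moved
    if edit_distance(old.casefold(), new.casefold()) <= max_distance:
        return "near-duplicate"       # e.g. the last character swapped for a symbol
    return "ok"

# Constructed sample pairs (old, new); the first and last values are quoted in the article.
SAMPLES = [
    ("gchqworker1", "gchqworker2"),
    ("gchqworker9", "gchqworker10"),
    ("gchqworker1", "GCHQworker1"),
    ("gchqworker1", "gchqworker!"),
    ("gchqworker1", "someone%ate%my%hat285"),
]

if __name__ == "__main__":
    for old, new in SAMPLES:
        print(f"{old} -> {new}: {classify_change(old, new)}")
```

A service that stores only password hashes cannot run this comparison against older passwords, which is why the check is limited to the current one supplied on the change form.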