GCHQ wants to set your passwords. In a good way

  • 11 September 2015
  • 2 replies


Enough already with the strength meters and frequent changes says security agency

11 Sep 2015 at 04:58, Darren Pauli
 
Britain's spy agency GCHQ has changed its password security guidance in a new document offering sensible advice that, if followed, should harden systems and make life easier for admins and users.
 
The guidance advocates a ban on password strength meters, mandatory resets, and predictable combinations, instead encouraging brute force rate limiting and reduced access controls.
 
The advice is not for the likes of GCHQ itself, which should maintain its own air-gapped, Faraday-caged security systems according to risk appetite.
 
The guide covers the obvious, such as how passwords can be cracked and the need to change from pre-installed defaults, but also offers solid advice that admins should only dole out passwords where they are required and allow the use of password storage lockers.
 
Full Article
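The "brute force rate limiting" the guidance favours over strength meters and forced resets is easy to describe but often implemented badly (throttling per IP only, or still running the password check while locked). The block below is an added example, not code from GCHQ or from the article: a per-account throttle with an escalating lockout, on top of a constructed demo credential store. The usernames, thresholds and the PBKDF2 settings are assumptions chosen for illustration.

```python
"""Added example (not from the GCHQ guidance or the article): a minimal
per-account brute-force throttle for a login endpoint. Names, thresholds and
the demo credential store are assumptions for illustration only."""
import hashlib
import hmac
import time
from collections import defaultdict

# Constructed demo credential: salted PBKDF2 hash of a sample password. A real
# store would use a slow, memory-hard KDF and a per-user random salt.
_SALT = b"demo-salt"
_ITERATIONS = 100_000
_USERS = {
    "alice": hashlib.pbkdf2_hmac("sha256", b"correct horse battery staple", _SALT, _ITERATIONS),
}


def verify_password(username, password):
    """Constant-time comparison; the hash is computed even for unknown users so
    response time does not reveal whether the account exists."""
    stored = _USERS.get(username)
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), _SALT, _ITERATIONS)
    return stored is not None and hmac.compare_digest(stored, candidate)


class LoginThrottle:
    """After `max_failures` failed attempts within `window` seconds the account
    is locked; each successive lockout doubles the delay (base_lockout * 2**n).
    A successful login resets both the failure count and the escalation."""

    def __init__(self, max_failures=5, window=600.0, base_lockout=30.0, clock=time.monotonic):
        self.max_failures = max_failures
        self.window = window
        self.base_lockout = base_lockout
        self.clock = clock                  # injectable for testing
        self.failures = defaultdict(list)   # username -> timestamps of recent failures
        self.locked_until = {}              # username -> (unlock time, lockouts so far)

    def _prune(self, username, now):
        # Drop failures older than the sliding window.
        self.failures[username] = [t for t in self.failures[username] if now - t < self.window]

    def seconds_until_allowed(self, username):
        unlock, _ = self.locked_until.get(username, (0.0, 0))
        return max(0.0, unlock - self.clock())

    def attempt(self, username, password):
        """Returns 'ok', 'denied' or 'locked'. While locked, the password is not
        checked at all, so a locked account gives the caller no oracle."""
        now = self.clock()
        if self.seconds_until_allowed(username) > 0:
            return "locked"
        if verify_password(username, password):
            self.failures[username].clear()
            self.locked_until.pop(username, None)
            return "ok"
        self._prune(username, now)
        self.failures[username].append(now)
        if len(self.failures[username]) >= self.max_failures:
            _, count = self.locked_until.get(username, (0.0, 0))
            delay = self.base_lockout * (2 ** count)
            self.locked_until[username] = (now + delay, count + 1)
            self.failures[username].clear()
            return "locked"
        return "denied"


if __name__ == "__main__":
    throttle = LoginThrottle(max_failures=3, base_lockout=10.0)
    for guess in ("wrong1", "wrong2", "wrong3", "correct horse battery staple"):
        print(guess, "->", throttle.attempt("alice", guess))
```

The throttle keys on the account rather than the source address, which is what stops a distributed guessing campaign against one user; in practice a second, per-source limit is layered on top so one attacker cannot lock out many accounts, and lockout events are logged for the SOC.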

2 replies

Makes sense on this article; we do need better systems and a way to secure and distribute passwords.

By Ian Barker
 
http://betanews.com/wp-content/uploads/2015/09/007-style-spy-600x433.jpg
Britain's electronic intelligence agency GCHQ has released new guidelines to help individuals and businesses choose strong passwords.
In a report issued in conjunction with the Centre for the Protection of National Infrastructure, it suggests that the use of complex passwords is no longer required.
It advises using password managers but warns that, "...like any piece of security software, they are not impregnable and are an attractive target for attackers". It also recommends that businesses make life easier for their users by only applying passwords when they're really necessary and only insisting they're changed when there's evidence of compromise. It suggests using alternatives like hardware tokens or RFID badges too.
The report warns of the limitations of common user techniques such as substituting letters for numbers, and of machine-generated passwords -- principally that they're hard to remember. Instead it recommends using schemes that are more memorable, such as combining four random dictionary words or adopting consonant-vowel-consonant construction.
 
 
full article
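To see why the report prefers four random words or consonant-vowel-consonant (CVC) syllables over letter-for-number substitution, it helps to put numbers on each scheme. The block below is an added example, not code from the GCHQ/CPNI report or from the article: it generates passwords under both memorable schemes with a CSPRNG and estimates the guessing entropy of each, alongside what a few leet substitutions actually add to a dictionary word. The word list, alphabets and substitution table are constructed assumptions.

```python
"""Added example (not from the GCHQ/CPNI report or the BetaNews article):
generators for the two memorable schemes the report mentions plus a guessing-
entropy estimate for each. Word list, alphabets and the substitution table are
assumptions for illustration."""
import math
import secrets
import string

VOWELS = "aeiou"
CONSONANTS = "".join(c for c in string.ascii_lowercase if c not in VOWELS)  # 21 letters

# Constructed tiny word list so the demo runs offline. A real list (for example
# a diceware list of 7776 words) is where the strength of the scheme comes from.
DEMO_WORDS = ["correct", "horse", "battery", "staple", "paper", "river", "candle", "orbit"]

# Assumed leet table: which digits/symbols a user typically swaps in for a letter.
LEET_SUBS = {"a": "@4", "e": "3", "i": "1!", "o": "0", "s": "$5", "t": "7"}


def bits_of_entropy(choices_per_element, elements):
    """Entropy in bits when each element is drawn uniformly and independently."""
    return elements * math.log2(choices_per_element)


def four_words(words, n=4):
    """Four words chosen independently with secrets.choice (CSPRNG)."""
    return " ".join(secrets.choice(words) for _ in range(n))


def cvc_password(syllables=3):
    """CVC syllables such as 'tomrixel'; each syllable has 21*5*21 = 2205 options."""
    return "".join(
        secrets.choice(CONSONANTS) + secrets.choice(VOWELS) + secrets.choice(CONSONANTS)
        for _ in range(syllables)
    )


def substitution_bits(word, subs=LEET_SUBS):
    """Extra bits a cracker must spend to cover every leet variant of `word`:
    each substitutable letter multiplies the variants by (1 + number of swaps)."""
    variants = 1
    for ch in word.lower():
        variants *= 1 + len(subs.get(ch, ""))
    return math.log2(variants)


def compare_schemes(wordlist_size):
    """Entropy of four random words vs three CVC syllables vs an 8-character
    password over the 94 printable ASCII characters, all uniformly random."""
    return {
        "four_words": bits_of_entropy(wordlist_size, 4),
        "cvc_3_syllables": bits_of_entropy(21 * 5 * 21, 3),
        "random_8_printable": bits_of_entropy(94, 8),
    }


if __name__ == "__main__":
    print("four words:", four_words(DEMO_WORDS))
    print("cvc:", cvc_password())
    for scheme, bits in compare_schemes(7776).items():
        print(f"{scheme:20s} {bits:5.1f} bits")
    print(f"'password' with leet swaps gains only {substitution_bits('password'):.1f} bits")
```

The comparison makes the report's point concrete: four words from a 7776-word list give roughly the same guessing entropy as an 8-character random printable-ASCII string, but are memorable, while substituting digits for letters in a dictionary word adds only a handful of bits because crackers enumerate those swaps as a matter of course. The estimates assume uniform random choice; a user who picks the words themselves gets considerably less.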
