UK cybersecurity agency rejects complex password rules

Such rules can lead to passwords that are easy to guess. Instead, the NCSC recommends passwords that consist of at least three randomly chosen words.

The UK cybersecurity agency NCSC warns against relying solely on complex password rules when generating passwords. Requirements such as a mix of uppercase letters, lowercase letters and numbers can lead to passwords such as “Pa55word”, which are easy to guess despite complying with the rules. Instead, the agency advises users to simply combine three randomly selected words into a password.

Earlier warnings by the NCSC about password complexity requirements were directed at administrators who are responsible for protecting IT systems. The agency urged companies to drop password expiration policies, as they encourage users to choose slight variations on existing passwords. In 2019, Microsoft dropped its recommendation for regular password changes in Windows 10 on the grounds that the policy is out of date and of little use.

The NCSC advocates three random words partly because such passwords are easier to remember, and because secure alternatives such as password managers are not widely used. In addition, three words usually lead to longer passwords. According to the agency, they also increase diversity, which should make it more difficult for hackers to find passwords using search algorithms.
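The contrast described above, as an added example that is not taken from the NCSC or from this article: a classic complexity rule accepts “Pa55word” even though a simple normalisation maps it back to a common password, while three words drawn with a cryptographic random source fail that same rule. The function names, the blocklist and the 16-word list are constructed for illustration; a real word list would hold thousands of entries.

```python
import math
import re
import secrets

# Constructed sample data, for illustration only.
COMMON = {"password", "letmein", "welcome", "dragon"}
WORDS = ["coffee", "train", "fish", "lamp", "river", "cactus", "violin", "marble",
         "rocket", "pepper", "window", "saddle", "tunnel", "orbit", "walnut", "glacier"]
# Typical character substitutions: 0->o, 1->l, 3->e, 4->a, 5->s, 7->t, 8->b, @->a, $->s
LEET = str.maketrans("0134578@$", "oleastbas")


def meets_complexity_rules(pw, min_len=8):
    """Classic rule: minimum length plus an uppercase letter, a lowercase letter, a digit."""
    return (len(pw) >= min_len
            and re.search(r"[A-Z]", pw) is not None
            and re.search(r"[a-z]", pw) is not None
            and re.search(r"\d", pw) is not None)


def is_guessable(pw, blocklist=COMMON):
    """Strip trailing digits/symbols, undo substitutions, then check the blocklist."""
    core = re.sub(r"[^a-z]+$", "", pw.lower())
    return core.translate(LEET) in blocklist


def three_random_words(words=WORDS, n=3, sep=""):
    """Join n words chosen with the OS CSPRNG (never the `random` module)."""
    return sep.join(secrets.choice(words) for _ in range(n))


def entropy_bits(list_size, n=3):
    """Bits of entropy when n words are drawn uniformly from list_size words."""
    return n * math.log2(list_size)


if __name__ == "__main__":
    weak = "Pa55word"
    print(weak, "passes rules:", meets_complexity_rules(weak),
          "| guessable:", is_guessable(weak))
    strong = three_random_words()
    print(strong, "passes rules:", meets_complexity_rules(strong),
          "| guessable:", is_guessable(strong), "| length:", len(strong))
    # The 16-word sample list gives only 12 bits; the figure grows with list size.
    print("entropy with this sample list:", entropy_bits(len(WORDS)), "bits")
```

A policy check built on `is_guessable` plus a minimum length accepts the three-word password that the character-class rule rejects.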
