Is your password #@aArDvArK3*3@3 or is it more normal?


Passwords are a thorny issue. Issue number one is actually remembering them, a difficulty that encourages people to use the same one across many services.

Last week, GCHQ got into the act, issuing, in conjunction with its information security arm CESG and the Centre for the Protection of National Infrastructure (CPNI), guidance on how to simplify your approach to selecting passwords.

As hacking seemingly becomes more prevalent, all types of organisation require users to adopt more complex passwords. Most readers will be familiar with the need for passwords to be more than eight characters in length and to include upper and lower case letters, at least one number and one special character. They often end up like a deleted expletive in a cartoon strip.

At the beginning of this year, security specialist SplashData published its list of the 20 worst passwords of 2014. Leading the list was '123456', followed closely by 'password' and such old favourites as 'letmein', 'qwerty' and 'trustno1'.

On the subject of trusting nobody, GCHQ suggests not trusting the password strength meters beloved of sites that require more complex passwords. These, says GCHQ, may fail to account for the factors that can make passwords weak, including using personal information and repeating characters or common character strings.
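To see the gap GCHQ describes, the Python below (an added illustration, not code from GCHQ or from this article) sets a meter that checks only the familiar composition rules beside checks for the three weak factors just named. The function names, the substitution table and the sample personal details are assumptions made for the example.

```python
import re

# Constructed sample data: the five passwords the article quotes from the
# SplashData list. The substitution table is an assumption of this example.
COMMON = ("123456", "password", "letmein", "qwerty", "trustno1")
SUBSTITUTIONS = str.maketrans("@0$1!3", "aosiie")

def composition_meter(pw):
    """Pass if pw has more than eight characters, upper and lower case
    letters, a number and a symbol. Nothing else is checked."""
    classes = (r"[a-z]", r"[A-Z]", r"[0-9]", r"[^A-Za-z0-9]")
    return len(pw) > 8 and all(re.search(c, pw) for c in classes)

def weaknesses(pw, personal=()):
    """List the weak factors named in the guidance that are present in pw.
    `personal` holds details known about the user (name, birth year...)."""
    low = pw.lower()
    plain = low.translate(SUBSTITUTIONS)   # 'p@ssw0rd' -> 'password'
    found = []
    if any(len(p) >= 3 and p.lower() in low for p in personal):
        found.append("personal information")
    if re.search(r"(.)\1\1", pw):          # same character three times running
        found.append("repeated characters")
    if any(c in low or c in plain for c in COMMON):
        found.append("common string")
    return found

if __name__ == "__main__":
    # Constructed test passwords; 'alice' and '1985' are hypothetical details.
    for pw in ("Password1!", "Trustno1!!!", "P@ssw0rd!9Z", "Alice1985#x"):
        print(pw, composition_meter(pw), weaknesses(pw, ("alice", "1985")))
```

All four sample passwords satisfy the composition rules, yet each contains at least one of the weak factors.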

It also points the finger at machine-generated passwords, which it says are often too difficult for people to remember. This increases the likelihood of insecure storage, it claims.

While GCHQ makes some sensible suggestions, the issue of passwords will remain thorny. But there is a school of thought that says writing them down on a piece of paper is a reasonably secure solution - so long as you use a different password for each site.