Censornet Comment: NCSC Issues Password Guidance

August 2021 by CensorNet

There is always a mountain to climb when it comes to encouraging people to follow good security practices, so it is heartening to see some solid advice from GCHQ. Just two years ago, research from the National Cyber Security Centre found that “123456” was the most popular password in the world – and I’d be surprised if the situation had changed appreciably.

However, the password guidance from GCHQ could go further. Hackers know that if a business relies solely on passwords for securing remote or cloud access, there is always going to be a way into its system. All it takes is for one employee to give away useful information or be persuaded to click on a phishing link.

It’s very easy to find out someone’s username, for instance, which is often simply their work email address and therefore printed on business cards and social media accounts. If attackers find a username, they could conduct phishing campaigns to capture the associated account password. They could also draw on open-source intelligence from social media to try to guess it. Either way, the result is the same: the hackers are inside.

GCHQ should consider taking a bigger step and recommending that businesses use multi-factor authentication (MFA), which protects accounts with more than just a password. If MFA were used across government and industry, it would not only secure individual organisations but also help with the wider mission of protecting the UK and its interests.