Stay up to date with notifications from The Independent

Notifications can be managed in browser preferences.

UK’s cyber-security chief ridicules public guidelines for internet passwords as impossible even for spies to follow

Every British citizen is effectively being asked to memorise a 600-digit number every month, Ciaran Martin warns 

Joe Watts
Political Editor
Tuesday 14 February 2017 04:33 EST
Comments
The state has suffered 60 attacks per month in the first three months of the new National Cyber Security Centre’s operation
The state has suffered 60 attacks per month in the first three months of the new National Cyber Security Centre’s operation (EPA)

Your support helps us to tell the story

From reproductive rights to climate change to Big Tech, The Independent is on the ground when the story is developing. Whether it's investigating the financials of Elon Musk's pro-Trump PAC or producing our latest documentary, 'The A Word', which shines a light on the American women fighting for reproductive rights, we know how important it is to parse out the facts from the messaging.

At such a critical moment in US history, we need reporters on the ground. Your donation allows us to keep sending journalists to speak to both sides of the story.

The Independent is trusted by Americans across the entire political spectrum. And unlike many other quality news outlets, we choose not to lock Americans out of our reporting and analysis with paywalls. We believe quality journalism should be available to everyone, paid for by those who can afford it.

Your support makes all the difference.

The UK’s cyber security chief has ridiculed public guidelines on internet passwords, claiming they require average Britons to memorise the equivalent of a 600-digit number every month.

The head of GCHQ’s new National Cyber Security Centre, Ciaran Martin, said even his best spooks would not be able to remember all the different passwords current guidelines require.

He called for some new simpler advice to help people manage security, as the Queen was due to formally open his new centre, with Chancellor Philip Hammond also present to outline the threat to the UK from both criminals targeting the public and state actors attacking the Government.

Mr Martin said that last year the Government blocked 300 million attempts from criminals emailing members of the public, pretending to be HM Revenue and Customs in a bid to commit fraud.

Asked about the burden of current personal security guidelines, which require people to have a multitude of different passwords and to regularly change them, he said: “We’ve got to make it easier for people to operate safely.”

Speaking to BBC Radio 4’s Today programme, he went on: “We did some work where we worked out what we are asking the average British citizen to do in their personal and professional life, if they follow all the guidance on changing their password and how their password should be configured.

“We worked out, what we were asking every British citizen to do was to memorise a new 600-digit number every month, my best technical people can’t do that. None of my best people can do that.

“So we shouldn’t be telling other people to do that.”

He said people could use “password managers” to help them deal with the problem and potentially have a single strong password for things that matter most to apply better protections to a smaller number of things.

Mr Martin added: “What we need to do is help people make sensible, informed, evidence-based decisions about what protections are appropriate to them.”

He also explained that over the past two years there had been a significant increase in the threat in cyber-space from Russia against the West, focussed on critical infrastructure and on political and democratic systems, such as the allegations relating to the US and German elections.

While the same intense attacks had not yet taken place in the UK, he explained that the threat was real. The state had suffered 60 attacks per month in the first three months of the new National Cyber Security Centre’s operation.

DNI Chief describes current Russian cyber threat

In his speech today, Mr Hammond was set to call on businesses to play a greater role in helping protect the country from cyber-attacks.

The “Industry 100 initiative” will see 100 employees from the private sector be invited to temporarily transfer their work to the NCSC.

Mr Hammond believes the move will allow the Government to “draw on the best and the brightest in industry to test and challenge the Government’s thinking”.

Join our commenting forum

Join thought-provoking conversations, follow other Independent readers and see their replies

Comments

Thank you for registering

Please refresh the page or navigate to another page on the site to be automatically logged inPlease refresh your browser to be logged in