Online login requirements 'onerous and dumb' says cyber security expert

Director of Engagement and Advice Alex Dewdney, right, gives Queen Elizabeth a demonstration, during the official opening of the National Cyber Security Centre (NCSC) in London, of how an electricity supply could be subjected to cyber attack PICTURE: Dominic Lipinski/PA

THE DIZZYING array of rules on online passwords means the average internet user is being asked to remember the equivalent of a new 600-digit number every month, cyber security chiefs say.

One government expert described onerous sets of requirements on the length and make-up of login codes as "dumb".

Tens of millions of people now use a host of web services every day, but the trend has brought with it the challenge of remembering a string of passwords.

Users face myriad rules including minimum numbers of letters and the use of upper and lower case characters and digits. They may also be asked to regularly change their password.

The issue came under the spotlight yesterday as the new National Cyber Security Centre (NCSC) in central London was officially opened.

Dr Ian Levy, technical director at the NCSC, said: "Across everybody's private and work life, all the different services they have, all the different passwords, the average complexity and the average change interval, broadly speaking it's the same as asking somebody to remember a different 600-digit number every month.

"When I say it's dumb, that's why I say it's dumb."

NCSC chief executive Ciaran Martin highlighted the challenge faced by millions of Britons, saying that even his top specialists would struggle to memorise a new 600-digit figure every month.

"None of my best people can do that, so we shouldn't be telling other people to do that," he told BBC Radio 4's Today programme.

But help is at hand in the form of password managers.

Dr Levy said they are "great" and make life "so much easier".

He said: "That's the short-term answer to make the current pain go away. If you've got a vault of all your passwords, you need to remember one. It syncs across all your devices.

"We are about to publish guidance on how to select a good password manager."

In the longer term, security researchers are working towards a scenario where people will not need to use a password to access government services.

The new centre, officially opened by Queen Elizabeth and the Duke of Edinburgh, will spearhead Britain's efforts to fend off cyber attacks.

Analysts have warned that the UK faces a growing threat from hackers, while the danger has been underlined by allegations about Russian interference in the US presidential election.

Speaking at the launch event, Chancellor Philip Hammond said cyber attacks are increasing in frequency, severity and sophistication.

He also warned that households around the country are vulnerable.

"The average British home has eight devices connected to the internet," he said.

"This provides enormous potential for day-to-day attacks, from electronic data theft to online ransom."

It also emerged that there have been informal talks about the issue of cyber security at British political parties after the Democrats were targeted in the US.

Mr Martin said protecting the integrity of electoral and democratic systems is "up there with the top priorities".

Asked if any parties have asked for help, he said: "There's talk about it. We've had some approaches and we would expect to be offering seminars and that sort of thing in the future.

"We expect to be asked and we will be happy to."

He did not identify the parties in question.