GCHQ wants you to use simpler passwords

I read this weekend the somewhat ironic news that GCHQ – the eponymous home of snooping – is suggesting that we may wish to make our online passwords a bit easier.

Enter stage left: conspiracy theorists.

But does this advice make sense, or is it a thinly-veneered attempt to make electronic eavesdropping that bit easier?  Now I accept that a tendency for paranoia doesn’t mean people AREN’T talking about you behind your back; but I do agree that this is good advice from those whose business it is to circumnavigate encryption and security measures.

GCHQ have released a report entitled ‘Password Guidance’ in which they argue that “by simplifying your organisation’s approach to passwords, you can reduce the workload on users, lessen the support burden on IT departments, and combat the false sense of security that unnecessarily complex passwords can encourage”.

It transpires that the demands of many applications and websites that you use capital letters, special characters and numbers, and their restrictions on using dates of birth, pets’ names, inside leg measurements, the same letter twice, anything credited as a valid word in Scrabble, the Roman alphabet and anything you stand a cat in hell’s chance of remembering… simply do not cause any frustration for the hacker or make the password any more secure!

At last we can free ourselves from the shackles of impossible-to-create-and-remember passwords – we can be liberated from memorising which of the 22 different passwords (according to the GCHQ report) we set for which account.  Or at least we can when developers and employers heed this advice.

GCHQ suggest we could use 4 random words strung together in a xxxx-xxxx-xxxx-xxxx format.  You will have to remember these random words of course.

An approach I adopted some years back was to define a song, poem or book that I could associate with the system I had to create a password for, and use characters based upon it. Let me give you an example:

You need to create a password for a government-run website portal, and associate this with the oft-berated public school boys who are charged with running our country.  Perhaps ‘Eton Rifles’ by The Jam springs to mind?

In this case, your password could become 3tonr1fl3s (noting the substitution of numbers for letters – or you may decide to substitute a ‘!’ for the ‘1’).

Alternatively, you could choose the first line of the song, or a memorable line from it.  The opening line to this ‘track’ (sorry – I’m not down with the kids enough to know whether that’s the up-to-date vernacular) is ‘Sup up your beer and collect your fags’.  In this instance your password could become ‘suyb@cyf’ (again substituting the ‘a’ for ‘@’).

Should an application insist on numbers (despite this advice from GCHQ) then you can simply add 4 or 6 memorable numbers at the end or the beginning.  This won’t make the password any more/less secure – but it may just stop you throwing an expensive computer out of the window.
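As an added illustration (not from the original post or from GCHQ’s report), the script below generates a four-word passphrase in the hyphenated format the guidance describes using a cryptographic random source, checks the format, and estimates the search space of that scheme next to the song-title-with-substitutions approach above. The sample word list, the 7776-word list size and the 100,000 pool of plausible song titles are assumptions.

```python
import math
import re
import secrets

# Constructed stand-in for a real word list; the entropy estimate uses
# WORDLIST_SIZE rather than len(SAMPLE_WORDS) so it reflects a list of
# realistic size. 7776 is the size of a standard diceware list (assumption).
SAMPLE_WORDS = ["amber", "brick", "cloud", "delta", "ember", "frost",
                "gloom", "hatch", "ivory", "jolly", "kiosk", "lemon"]
WORDLIST_SIZE = 7776

FORMAT_RE = re.compile(r"^[a-z]+(?:-[a-z]+){3}$")  # xxxx-xxxx-xxxx-xxxx


def four_word_passphrase(words=SAMPLE_WORDS, count=4, sep="-"):
    """Join `count` words drawn with a CSPRNG (secrets, not random) in the
    xxxx-xxxx-xxxx-xxxx style the GCHQ guidance suggests."""
    return sep.join(secrets.choice(words) for _ in range(count))


def is_four_word_format(candidate):
    """True if `candidate` is four lowercase words separated by hyphens."""
    return FORMAT_RE.match(candidate) is not None


def passphrase_entropy_bits(wordlist_size=WORDLIST_SIZE, count=4):
    """Entropy of `count` independent uniform picks from `wordlist_size`
    words: log2(wordlist_size ** count). Holds only when the words really
    are chosen at random rather than by the user."""
    return count * math.log2(wordlist_size)


# Letter-for-symbol swaps of the kind that turn 'etonrifles' into '3tonr1fl3s'.
LEET_MAP = {"a": "@", "e": "3", "i": "1", "o": "0", "s": "$"}


def mangled_word_entropy_bits(base_word, pool_size, table=LEET_MAP):
    """Upper bound on the entropy of a memorable phrase with optional
    substitutions: log2(pool_size) for choosing the phrase, plus one bit per
    substitutable letter if each swap were an independent coin flip (a fixed
    habit such as 'always e->3' gives fewer). `pool_size` is the number of
    phrases a user might plausibly pick from, an assumption supplied by the caller."""
    swappable = sum(1 for ch in base_word.lower() if ch in table)
    return math.log2(pool_size) + swappable


if __name__ == "__main__":
    pw = four_word_passphrase()
    print(pw, is_four_word_format(pw))
    print(f"four random words: {passphrase_entropy_bits():.1f} bits")
    print(f"'etonrifles' + swaps: {mangled_word_entropy_bits('etonrifles', 100_000):.1f} bits")
```

Appending a few memorable digits, as the post suggests, adds length but not randomness if the digits are guessable from the user, which is why the estimate above leaves them out.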

What tips do you have for creating and memorising passwords?  Why not let everyone else know in the comments (without granting access to your bank account of course).