Websites SHOULD let you cut and paste passwords to gain access, Britain’s cyber security experts say
- The National Cyber Security Centre has issued new password guidance
- The GCHQ offshoot is worried about people reusing passwords multiple times
- Consumers complain about increasingly complex password requirements
- The NCSC believes copying and pasting passwords could help this issue
Websites should allow customers to cut and paste passwords to access their accounts according to advice from Britain’s National Cyber Security Council.
The NCSC is part of GCHQ and provides advice for businesses and individual on how to keep their data and accounts secure from possible attack from cyber criminals.
Many websites developers prevent users from copying and pasting passwords during the log-in process believing that this provides an additional element of security.
But according to Britain’s top cyber experts, consumers, who are forced to use increasingly complex passwords are likely to repeat the same phrase across multiple sites.
This, according to the NCSC jeopardises the security of all their accounts in the event of a data breach in one location.
Websites should allow customers to cut and paste passwords during the log-on process as this reduces the risk of becoming victims to cyber crime according to the National Cyber Security Council
Experts at the NCSC – which is part of GCHQ, said demanding increasingly complex passwords from customers means individuals are more likely to reuse a phrase over multiple sites
The NCSC has issued a six-point plan for protecting your various accounts from cyber attack
According to the NCSC: ‘We believe it’s one of those “best practice” ideas that has a common sense instant appeal that may have made sense once. Considering the bigger picture today, it really doesn’t make sense.
‘The main reason why password pasting improves security is because it helps to reduce password overload, something that we cover in our Password Guidance.
‘Allowing the pasting of passwords makes web forms work well with password managers.
‘Password managers are software (or services) that choose, store and enter passwords into online forms for you.’
The NCSC believes that password managers can prevent this overload as they can control different complex phrases across multiple sites.
Also, this eliminates the risk of entering an incorrect password and getting locked out of your account.
The main downside to a password manager is if the phrase protecting it is breached, all of the other accounts are vulnerable to fraud.
The NCSC experts said: ‘Imagine if you didn’t have a password manager, or even that unprotected document on your computer with your passwords in it.
‘Without password managers, it would be pretty much impossible to remember all your passwords.’
If someone re-uses the same password, or write post-it notes on a place that’s easy to find, like on the screen of a computer, this leaves accounts vulnerable.
Also, some users might decide that a simple or easy to guess word is less hassle.
Many internet users complain that they have to remember far too many complex passwords to log onto multiple websites
Critics complain that allowing password pasting ‘allows brute force attacks’ while also making them easier to protect because people don’t have to use them each time you log on.
Also, critics suggest that having passwords on a computer clipboard makes them vulnerable to interception.
However, the NCSC dismisses these criticisms and instead argues that companies should increase their cyber security, making their networks less vulnerable to attack.
The NCSC added: ‘Rather than stopping password pasting, help your computers to avoid catching viruses in the first place by following our guidance on securing enterprise IT.
‘And install software updates – the IT version of eating your fruit and veg. It’s one of the very best ways of securing your computer.’
Source: Read Full Article