I would like to think that everyone reading this article is clued up about password security, using hard-to-guess combinations of numbers, letters and symbols, and choosing something different for every account and device under their control.
But not everyone is so savvy when it comes to security.
In fact, the lackadaisical approach some take to password security has prompted Tony Neate, CEO of the UK government’s Get Safe Online campaign, to suggest that using an extremely poor password is better than not using one at all.
When Neate told the Guardian that using “abc123” is better than nothing, he wasn’t wrong, but I do worry that he may have been sending the wrong message.
Sure, using any password is better than not using one at all but, c’mon, surely suggesting that a ridiculously poor one is any kind of improvement whatsoever is poor advice, even if Neate did suggest that himself:
“We use the analogy that ‘if you haven’t got a lock on your door, any lock is better than no lock. But if you are going to put a lock on your door, the best one to put on is a five-lever mortis [sp] lock.
It’s the same analogy. I would recommend anyone to have a good, solid password. But if they haven’t got a password then ‘abc123’ is a starting point.
I’m not suggesting people should have abc123. But something is better than nothing, and I’m very pragmatic when it comes to passwords.”
If you keep up to date with data breaches and password dumps then you will soon realise that “abc123” gets used far too much already. If the bad guys want to get into an account protected with such a password then it will, ironically, be as simple as A-B-C.
Which leads me to wonder whether Neate, who was speaking at the launch of the Cyber to Citizen initiative, shouldn’t have just stuck to the far more sound advice given out by the very website he heads up.
Being someone who is quite passionate about the need to present security advice to the average citizen in a manner that is easy to digest and act upon, I think the Get Safe Online campaign is a good step in the right direction.
But, with Neate saying that the importance of using passwords is at the heart of its mission –
“One of the most important things that we can ever speak to people about is passwords.
People keep on saying passwords are going to be dead in four or five years… OK. But they’re not now.”
– I cannot help but feel that, as a quotable figurehead, he shouldn’t be mentioning something as ridiculous as “abc123”, even if he is just trying to make a point.
We mustn’t forget that not all passwords are the same.
Longer, complex ones will provide a decent level of security.
Short, pathetic ones may lull the average person into thinking that they are far safer than they really are, and that may just have the opposite effect to that which Neate is working towards.