Campaign says #thinkrandom, but experts demand cyber-security rethink
The UK government has renewed its efforts to persuade consumers to pick stronger passwords.
The #ThinkRandom campaign is encouraging consumers to use three random words to create strong, separate passwords for their email, social media and online banking accounts. The effort follows a growing number of password dumps and security breaches affecting users of high-profile websites including LinkedIn, Dropbox and numerous others.
In a UK government pitch designed to persuade the public to adopt better password security, consumers are advised against using words related to their personal lives that may be easy to guess or share.
Your most important accounts are your email, social media and online banking accounts. So it’s important to have strong and separate passwords for each account. With access to your email, hackers can take control of all your online accounts, by asking for the password to be reset, and the information your email contains can easily be pieced together to create a profile of your identity.
Of course, it should go without saying that strong password security ought to extend across all the accounts an individual holds, which are likely to number in the scores rather than a handful. Security experts gave the campaign – which omits any promotion of password managers – a cautious welcome.
“The government’s renewed attempt to protect UK consumers’ digital identities today with the #thinkrandom campaign is obviously well intentioned,” said Richard Parris, chief exec of British cyber-security company Intercede. “However, what I want to see is the government putting more of an effort into openly encouraging service providers to eradicate simple password authentication altogether.”
Parris compared the latest drive to 2014’s lacklustre and quite expensive Cyber Streetwise campaign.
“In reality, how successful are campaigns like #thinkrandom and 2014’s Cyber Streetwise campaign in protecting consumers?” Parris said. “Consumers can make their passwords as long and complicated as physically possible, and yet if a service is breached, these credentials are rendered useless. If a consumer has used the same password and email credential for another service (which happens more often than not) then hackers have effectively got the keys to the individual’s online identity.”
Stolen passwords facilitate ID theft and other scams, so the UK government is at least aiming its efforts in the right direction, according to Parris.
“Barely a day goes by without a major security breach coming to light, and 75 per cent of these breaches involve stolen passwords. We’ve had previous advice for businesses from GCHQ and now advice for consumers from the government. However, what we really need is a fundamental rethink of the basic security protocols,” he concluded.