APRIL Cyber Scam Newsletter
In this month's edition, we're raising awareness of account hacking, National Insurance scams, fake ticket sales and pension scams!
Changing passwords too often leads to only small alterations of that password.
The author of an influential guide to computer passwords says he now regrets several of the tips he gave.
Bill Burr had advised users to change their password every 90 days and to muddle up words by adding capital letters, numbers and symbols - so, for example, "protected" might become "pr0t3cT3d4!".
The problem, he believes, is that the theory came unstuck in practice. Mr Burr now acknowledges that his 2003 manual was "barking up the wrong tree".
Current guidelines no longer suggest passwords should be frequently changed, because people tend to respond by making only small alterations to their existing passwords - for example, changing "monkey1" into "monkey2" - which are relatively easy to deduce.
Furthermore, it has been demonstrated that it takes longer for computers to crack a random mix of words - such as "pig coffee wandered black" - than it does for them to guess a word with easy-to-remember substitutions - such as "br0k3n!".
Mr Burr's original advice was distributed by the US government's National Institute of Standards and Technology (Nist). It has since been amended several times, with the most recent edition being released in June.
"The more often you ask someone to change their password, the weaker the passwords they typically choose," said Prof Alan Woodward.
"And, as we have all now so many online accounts, the situation is compounded so it encourages behaviours such as password reuse across systems."
Britain's National Cyber Security Centre issued its own guidance on the matter in 2015. It recommended that organisations abandon a policy of pushing their users into regular password resets, and that they should support the use of password managers - programs that securely store hundreds of different logins, avoiding the need to memorise each one.
So what's our advice?
Check out our video below on Passwords:
Have a look at the rest of our advice on passwords here: Password Advice