GCHQ has published a document titled “Password guidance: simplifying your approach”, which gives a range of guidelines to keep consumers safe.
That includes rolling back previous guidance “that complex passwords are ‘stronger’” — instead recommending that people simplify their approach.
The agency gives a range of hints to those working in IT as well as normal consumers. In particular, the agency called on people to change their default passwords, to make sure that accounts can be locked out if they’re under attack and to avoid storing passwords as plain text files that can be read by anyone.
The agency also warns against the problems of “password overload”. That is what happens when people create too many complex and unmemorable passwords, which leads them to write the passwords down or re-use them, making them unsafe.
“Software password managers can help users by generating, storing and even inputting passwords when required,” the report says. “However, like any piece of security software, they are not impregnable and are an attractive target for attackers.”
That second sentence might be of note to people looking to use password managers: GCHQ itself has been found to have been attacking security services used by British citizens, in an attempt to make it easier to conduct its surveillance and spying operations.