Your data will be safer online if you do not regularly change your password, Britain’s security service has claimed.
The new advice appears to contradict years of recommendations from other cyber experts.
In the past, internet users have been told to routinely change their passwords to help prevent attacks from cybercriminals.
But now security experts have told The Sun the safest bet is to come up with a safe password and stick to it.
Experts from the National Technical Authority for Information Assurance (CESG) – which advises organisations on the best practices to protect their information and information systems against the latest online threats – revealed the counterintuitive advice during a briefing with power stations, banks and the public sector in Whitehall.
“It’s one of those counter-intuitive security scenarios; the more often users are forced to change passwords, the greater the overall vulnerability to attack,” the security experts concluded.
“Most password policies insist that we have to keep changing them.
“And when forced to change one, the chances are that the new password will be similar to the old one.
“Attackers can exploit this […] New passwords are also more likely to be forgotten, and this carries the productivity costs of users being locked out.”
The advice concludes, “CESG now recommends that organisations do not force regular password expiry.”
A recent survey discovered that as many as two-thirds of large businesses had suffered a cyberattack or security breach within the last 12 months.
The news comes days after security experts unearthed a total of 272.3 million hacked usernames and passwords up for sale in the Russian underworld.
The cache reportedly contained almost 57m Mail.ru accounts – a sizeable chunk of the 64 million monthly active email users Mail.ru said it had at the end of last year.
It also is believed to include tens of millions of usernames and passwords for the world’s three big email providers – Gmail, Microsoft and Yahoo – plus hundreds of thousands of accounts from German and Chinese email providers.
A Microsoft spokesman said: “Microsoft has security measures in place to detect account compromise and requires additional information to verify the account owner and help them regain sole access.”
Earlier this year, cross-platform password manager SplashData published a comprehensive list of the 25 Most Popular Passwords of 2015.
The rundown was compiled from the millions of stolen passwords that were made public over the course of the year.
The US firm also shows each password’s position relative to its ranking the previous year.
Unfortunately, it turns out that 123456 is a non-mover as the most popular password of the year.
Always create a unique password for each of your online accounts.
For example, take the first letter of each word in your favourite song lyric, phrase or poem – and use those letters, which appear like a random jumble, as your password.
A password manager is another way to generate and securely store unique passwords with letters, symbols and numbers.