Sep 4, 2017

Our spy agencies know less about cybersecurity than the Daily Mail

The agencies dedicated to "protecting our secrets" are insisting on a password security method that even the Daily Mail knows is nonsense, writes John Quiggin.

I recently had to log in to the website of an Australian government agency with which I deal from time to time. To my surprise, I was presented with a message saying that my password had expired and that, under a new security policy, passwords expire every 90 days, and they must contain a mixture of alphanumeric and special characters (this is called a composition rule).

You don’t need to be a cybersecurity expert to know that this is nonsense. Comics like xkcd have been mocking special character passwords for years. As is well known, a long but easily memorable string of dictionary words like “thisgovernmenthasnochanceofwinning” is much harder to crack than a shorter [email protected] with obvious substitutions like @ for a (this password would meet the conditions I was asked to satisfy).


2 thoughts on “Our spy agencies know less about cybersecurity than the Daily Mail”

  1. DrPixie

    Nice to see some rationality being pointed at password policies – which have long been stupid and counterproductive. Now to find someone in government who can spell “computer” (or metadata, or internet, or bandwidth, or …)

  2. AR

    As a total tek-tyro, who wouldn’t know a bit from a byte on the arse, I am thoroughly unreassured by the utter unusability of even something as simple as the site which is spurned even by those in the local SS office as a waste of time.
    Seriously, William Gibson was wildly overoptimistic.
