National Cyber Security Centre: Password managers ‘good for now, but not forever’

Written by Rebecca Hill on 27 January 2017 in News
News

Password managers may offer advantages in the short-term, but password-based authentication has “outstayed its welcome”, the National Cyber Security Centre has said.

Password managers are good, but have their downsides, says NCSC - Photo credit: Pixabay

Password managers are software applications that retain and automatically enter passwords for a range of sites, and can either be standalone or browser-based.

The UK’s cyber security centre has previously come out in favour of password managers as a way to protect multiple accounts, saying that stops bad behaviours, such as writing passwords down or making them easy to remember – and therefore guess.


Related content

Pasting passwords gets seal of approval from National Cyber Security Centre
Password expiry is a ‘blunt instrument’ that rarely delivers, says cyber security expert
Are we entering a 'cognitive era'?


 

n a blogpost published this week, the centre sets out its stall more clearly, saying that password managers are generally “a good thing” because they make security measures easier and more convenient.

This is because having a manager makes it easy to use long, complex and unique passwords across different sites and services – the manager remembers them all for you and enters them automatically – and can be synced across devices.

But they also come with disadvantages, including that they are can be attractive targets in themselves – meaning all your passwords get stolen in one go – they require you to remember a master password and they can’t be used for everything. For instance, some banks might not refund you for cyber fraud if you have used a password manager.

The centre also noted that browser-based password managers may not sync across devices on different operating systems.

And, while the centre recommends the use of password managers in the short-term – saying that it was drawing up guidance for the use of managers in organisations – it added that “password-based authentication has outstayed its welcome.”

Instead, it advocates greater use of different authentication mechanisms that are more usable in everyday life and stop people being forced to remember passwords in the first place.

The centre suggested, for instance, that people consider using biometrics – like fingerprint readers on smartphones – and cutting down the number of passwords you use in the first place.

“Use multi-factor authentication or single sign-on where available,” it said. “For infrequently-used passwords, use a password reset mechanism when you need to log in (instead of making any attempt to recall or store the password).”

The centre concluded: “Password managers are a good thing - for now. But we hope not forever.”

Share this page

Tags

Add new comment

Related Articles

Kent Police seeks multimillion pound overhaul of crime scene info systems
19 June 2017

South East police force is looking for a supplier to build a new digital asset management system that could be rolled out right across the UK

Three London borough councils to co-develop families’ case management ‘app store’
15 June 2017

The London boroughs of Kensington and Chelsea, Westminster City and Hammersmith and Fulham to create digital tools to improve communication between families and children’s services and allow...

Courts' mobile innovation nominated for national award
5 June 2017

Her Majesty’s Courts and Tribunals Service digital tool for ushers is ‘foundation for future innovation’ and sole department nominee in its category

UPDATED: General election 2017: Manifesto round-up
17 May 2017

After the Tories released their manifesto,PublicTechnology takes a look at the three main parties' plans for digital and technology ahead of next month's general election.

Related Sponsored Articles

Impact of AI on UK jobs market divides opinion, says BT survey
14 June 2017

BT finds that IT Directors disagree over whether Artificial Intelligence will create or displace jobs

How big data is helping to transform the defence sector
8 June 2017

Bill Holford explores how big data is changing modern warfare, and argues for a defence big data strategy to ensure we are making the most of the opportunities ahead

Defence in a digital and disruptive era: innovation in IT
8 June 2017

BT looks at turning points within the UK defence sector, the evolving nature of warfare and how new cyber-attacks pose new questions for our national defence