You Can't Handle It: UK Spy Agency Tells Public to Stop Resetting Passwords

World Password Day and its accompanying website offers a "pep talk" on passwords from an elderly woman called Betty.

"Don't let hackers ruin your game. It's time for a sit down with Betty" the, website states.

Quick to rain on Betty's parade, GCHQ decided to use World Password Day to once again tell people not to bother resetting their passwords — while Betty was trying to help people be more secure online.

"Betty has some gentle advice to get you on your way to a more secure online life."

A post by GCHQ's Communications Electronics Security Group said: "In 2015, we explicitly advised against it [resetting passwords].

"Let's consider how we might limit the harm from an attacker who knows a user's password." The post then explains why policies forcing a person to change legitimate passwords are a waste of time and an "inconvenience to users."

"Our passwords have to be as long as possible and as 'random' as possible. And while we can manage this for a handful of passwords, we can't do this for the dozens of passwords we now use in our online lives."

GCHQ doesn't think the public can handle having too many passwords and won't remember them and this "makes matters worse."

It turns out that apparently, according to GCHQ, the more times you forget your password and have to get it reset by a service desk, the more vulnerable you are to an attack.

"The chances are that the new password will be similar to the old one" and "attackers can exploit this weakness."

"What appeared to be a perfectly sensible, long-established piece of advice doesn't, it turns out, stand up to a rigorous, whole system analysis."

To make it simpler to understand, the CESG has issued a guide: "Simplifying Your Approach" which explains how to make your information more secure online in a handy 16-page PDF document.

But it might be easier to sit down with Betty for some "gentle advice" instead.