NCSC Cyber Aware Campaign: Is the password model broken?


Any initiative that serves to better protect consumers from phishing attacks and cybercrime should be championed. Cyber Aware, announced by the NCSC and designed to help people shop securely this Christmas, is a welcome step, particularly given skyrocketing online shopping rates. 

As to whether the six behaviours outlined in the campaign will go far enough to protect consumers is however a different question, as cybercrminals continue to find ways around password-based methods of authentication.

The bottom line is that usernames and passwords are not a safe method for authentication. It is unfortunately common for consumers to reuse passwords for everything from social media to banking or tax accounts, and changing those habits has proven difficult or impossible. Multi-factor authentication as an opt-in method can be a way forward for non-password based authenticators.