Category Archives: Human Tech

Stop using difficult-to-guess passwords, UK’s spying agency GCHQ recommends

The British spying agency, found to have been conducting wholesale surveillance on UK citizens, has recommended that the public make their passwords less complex.

In a brand new document called ‘Password guidance: simplifying your approach’, the company gives a range of guidelines to keep consumers safe. That includes rolling back previous guidance “that complex passwords are ‘stronger’” — instead recommending that people simplify their approach.

The agency gives a range of hints to those working in IT as well as normal consumers.

Those include warning people to change their default passwords, to make sure that accounts can be locked out if they’re under attack and avoid storing passwords as plain text files that can be read by anyone.

Read more
GCHQ spying on British citizens was unlawful, secret court rules in shock decision
Privacy watchdog launches ‘Did GCHQ spy on you?’ campaign
UK government rewrites surveillance law to get away with hacking and allow cyber attacks

The agency also warns against the problems of “password overload”. That is what happens when people create too many complex and unmemorable passwords, which leads them to write them down or re-use them and so become unsafe.

Those complicated passwords are often the result of organisations imposing rules about the complexity of passwords — requiring that they are a certain length, for instance, or include special characters. But instead companies should just create more security rules, so that people can use their own, more simple passwords.

Those simple passwords might be made up of just three simple words, for instance. Or users could sign up for password managers — software that generates and then stores the passwords so that are both complex and never have to be remembered.

“Software password managers can help users by generating, storing and even inputting passwords when required,” the report says. “However, like any piece of security software, they are not impregnable and are an attractive target for attackers.”

That second sentence might be of note to people looking to use the password — GCHQ itself has been found to have been attacking security services used by British citizens, in an attempt to make it more easy to conduct its surveillance and spying operations.


Commuting is ‘work’ and employees should be paid for it, European court says

A European court just made getting to and from work a tad more tolerable.

Wouldn’t it be great to get paid for commuting? A European court just made that wishful thinking a reality for some workers in Europe.

The European Court of Justice said in a ruling Thursday that “when workers…do not have a fixed or habitual place of work, the time spent by those workers traveling each day between their homes and the premises of the first and last customers designated by their employer constitutes working time within the meaning of the [Working Time Directive,]”—European Union legislation that protects the rights of workers. The directive, for instance, bars employers from forcing workers to log more than 48 hours per week.

The court says that during trips to and from customers, workers are at their employer’s disposal and they act on the instructions of the employer, who “may change the order of the customers or cancel or add an appointment.” It also said that “the fact that the workers begin and finish the journeys at their homes stems directly from the decision of their employer to abolish the regional offices and not from the desire of the workers themselves.” Forcing workers to bear the burden of their employer’s decision, ” would be contrary to the objective of protecting the safety and health of workers pursued by the [Working Time Directive], which includes the necessity of guaranteeing workers a minimum rest period.”

The ruling will affect million of public and private sector employees across the EU, specifically those without a permanent office, such as electricians and sales reps, Quartz says.