Technology

Man Who Still Uses Same Password From 2009 Declared National Treasure by GCHQ

By ·

GCHQ has awarded its inaugural Cybersecurity Excellence Medal to Keith Barlow, a 52-year-old insurance adjuster from Stevenage who has used the password ‘Password123’ for every online account since September 2009.

Barlow has never been hacked.

The intelligence agency revealed that Barlow’s approach has baffled cybercriminals for over fifteen years, with most assuming his accounts are honeypots operated by law enforcement. His Gmail, online banking, Nectar card login, and Deliveroo account all share the same eight-character credential. He has never enabled two-factor authentication because he ‘can’t be arsed with all that’.

“We’ve been monitoring Keith for three years,” said Jennifer Holloway, GCHQ’s Director of Threat Analysis. “Hackers have his details. They’ve had them since the LinkedIn breach of 2012. But every single one assumes it’s a trap. The password is so catastrophically insecure that it’s created a perfect defence through sheer statistical improbability.”

Barlow expressed confusion at the honour. “I just picked something I’d remember,” he said. “All these people with their random letters and numbers and special characters, they’re the ones getting locked out of their own accounts. I’ve never had that problem.”

The award comes despite the National Cyber Security Centre spending £47 million on campaigns encouraging password diversity. Their 2023 initiative, which urged Britons to use unique passwords for each account, reached an estimated 18 million people. Barlow was not among them. He does not watch television.

Internal GCHQ documents obtained through a Freedom of Information request reveal that Barlow’s name has appeared in seventeen separate dark web databases. In each instance, hackers abandoned attempts to access his accounts after concluding the credentials were ‘obviously fake’ or ‘definitely a fed’.

“There’s a forum thread about him on one Russian site,” said Dr. Martin Pugh, a cybersecurity researcher at Imperial College London. “It’s forty-three pages long. They’ve convinced themselves he’s an MI5 officer running an elaborate sting operation. One user claimed Keith’s Tesco Clubcard account alone had logged access attempts from twelve different countries, all of whom backed away immediately.”

Barlow’s browser currently has 347 saved passwords. All of them are ‘Password123’. He has written it down on a Post-it note attached to his monitor, which he insists is ‘perfectly safe’ because ‘no one comes in my office’.

The medal ceremony will take place next month at a secure location in Cheltenham. Barlow will receive a commemorative plaque and a £50 John Lewis voucher. GCHQ has requested he does not change his password.

More from Technology

Man Who Spent £3,400 on Smart Home Devices Now Requires Permission from Kitchen to Make Tea

Man Who Spent £2,400 on Smart Home Devices Now Requires Permission from Toaster to Leave House

Man Who Spent £1,200 on Smart Home Devices Now Trapped in Bedroom After Wi-Fi Outage

Leave a comment

Your email address will not be published. Required fields are marked *