Are three random words really the safest password?

The UK National Cyber Security Centre has recommended that three random words is a safer way to set a password then a more complicated variation.

Government experts at the UK National Cyber Security Centre (NCSC) have concluded that three random words as a password are a safer bet than any more complicated variations.

The NCSC, which is part of GCHQ, concluded that three words provide as much variety as much more complicated and at times convoluted passwords combining numbers, letters and symbols. The simple formula is very difficult for cybercriminals to second guess and is harder for the software they use to crack than the conventional mixed passwords.

NCSC did add that the key to the success of this system was the unpredictability of the three words and not making the password too personal or obvious, was very important to its success.

With cybercrime levels reaching record highs during the pandemic it has become even more important than ever to look for new ways to protect personal data from cybercriminals.

The NCSC’s Technical Director, Dr Ian Levy, said: "Traditional password advice telling us to remember multiple complex passwords is simply daft. There are several good reasons why we decided on the three random words approach – not least because they create passwords that are both strong and easier to remember. By following this advice, people will be much less vulnerable to cybercriminals and I’d encourage people to think about the passwords they use on their important accounts, and consider a password manager.”

And just in case we need reminding why this is important the following stats make sobering reading. If your data is compromised, weak passwords can have serious consequences, like identity theft. Companies reported a staggering 5,183 data breaches in 2019 that exposed personal information such as home addresses and login credentials that could easily be used to steal your identity or commit fraud. And that pales in comparison with the more than 555 million stolen passwords that hackers on the dark web have published since 2017.


Featured Articles

How secure is sensitive data stored in the cloud?

A Cloud Security Alliance (CSA) survey has found 67% of organisations store sensitive data in public cloud environments, but how secure is it?

CYBER LIVE LONDON: Day 2 highlights of the hybrid tech show

We take a look at highlights of the different stages at the Tech Live London show, including insights from Claroty, SalesForce and Oracle

TECH LIVE LONDON: An overview of the hybrid technology show

We take a look at the first day of Tech Live London with insights from technology leaders from companies such as IBM, Microsoft and Vodafone

Does a cashless society mean higher risk of fraud?

Cyber Security

5 minutes with Gary Brickhouse, CISO of GuidePoint Security

Cyber Security

CTO at Passbolt explains the importance of password managers

Application Security