Three random words

2 min read Original article ↗

three random words: apple, fish and pen

Combine three random words to create a password that’s ‘long enough and strong enough’.

Part of Cyber Aware

Weak passwords can be cracked in seconds. The longer and more unusual your password is, the harder it is for a cyber criminal to crack.

A good way to make your password difficult to crack is by combining three random words to create a password (for example applenemobiro). Or you could use a password manager, which can create strong passwords for you (and remember them).

Avoid the most common passwords that criminals can easily guess (like ‘password’). You should also avoid creating passwords from significant dates (like your birthday, or a loved one’s), or from your favourite sports team, or by using family and pet names. Most of these details can be found within your social media profile.

If you’re thinking of changing certain characters in your password (so swapping the letter ‘o' with a zero, for example), you should know that cyber criminals know these tricks as well. So your password won’t be significantly stronger, but it will be harder for you to remember.

Why does the NCSC recommend using ‘three random words’ as a way to create passwords?

By using a password that’s made up of three random words, you’re creating a password that will be ‘strong enough’ to keep the criminals out, but easy enough for you to remember.

Longstanding advice around making your passwords very complex (which suggests we should create passwords full of random characters, symbols and numbers) is not helpful. This is because most of us have lots of passwords, and memorising lots of complex passwords is almost impossible.

Passwords generated from three random words is a good way to create unique passwords that are ‘long enough' and ‘strong enough’ for most purposes, but which can also be remembered much more easily. If you want to write your password down, that’s also OK, provided you keep it somewhere safe.

If you want to find out more about why the ‘three random words’ technique works, you can read this blog by one of the NCSC’s technical experts that further explains our thinking.