Are three random words really the safest password?

The UK National Cyber Security Centre has recommended three random words as a safer way to set a password than a more complicated variation.

Government experts at the UK National Cyber Security Centre (NCSC) have concluded that three random words as a password are a safer bet than any more complicated variations.

The NCSC, which is part of GCHQ, concluded that three words provide as much variety as much more complicated and at times convoluted passwords combining numbers, letters and symbols. The simple formula is very difficult for cybercriminals to second guess and is harder for the software they use to crack than the conventional mixed passwords.

The NCSC did add that the key to the success of this system is the unpredictability of the three words, and that it is very important not to make the password too personal or obvious.
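The unpredictability described above comes from letting a random source pick the words rather than choosing them by hand. The following is an added example, not code from the NCSC or from this article: it draws three words with the operating system's random generator and measures how much variety the result has. The word list, the function names and the "-" separator are assumptions made for the demonstration.

```python
import math
import secrets

# Constructed sample list for this demo only; a real list holds thousands of words.
SAMPLE_WORDS = [
    "anchor", "breeze", "candle", "dragon", "ember", "falcon", "garden", "harbor",
    "island", "jungle", "kettle", "lantern", "marble", "nectar", "orchid", "pepper",
]

def clean_wordlist(words):
    """Strip, lower-case and de-duplicate so every entry is equally likely."""
    return sorted({w.strip().lower() for w in words if w.strip()})

def passphrase(words, count=3, sep="-"):
    """Join `count` words picked uniformly at random with the OS CSPRNG."""
    pool = clean_wordlist(words)
    if len(pool) < 2:
        raise ValueError("word list needs at least two distinct words")
    return sep.join(secrets.choice(pool) for _ in range(count))

def words_bits(list_size, count=3):
    """Bits of entropy in `count` uniformly random words from a list."""
    return count * math.log2(list_size)

def chars_bits(alphabet_size, length):
    """Bits of entropy in a uniformly random character password."""
    return length * math.log2(alphabet_size)

def words_needed(list_size, target_bits):
    """Smallest number of random words that reaches `target_bits`."""
    return math.ceil(target_bits / math.log2(list_size))

if __name__ == "__main__":
    print(passphrase(SAMPLE_WORDS))
    size = len(clean_wordlist(SAMPLE_WORDS))
    print(f"{words_bits(size):.1f} bits with the {size}-word sample list")
```

Both entropy functions assume every choice is made uniformly at random; words or characters picked by a person are more predictable than these figures suggest.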

With cybercrime levels reaching record highs during the pandemic, it has become more important than ever to look for new ways to protect personal data from cybercriminals.

The NCSC’s Technical Director, Dr Ian Levy, said: "Traditional password advice telling us to remember multiple complex passwords is simply daft. There are several good reasons why we decided on the three random words approach – not least because they create passwords that are both strong and easier to remember. By following this advice, people will be much less vulnerable to cybercriminals and I’d encourage people to think about the passwords they use on their important accounts, and consider a password manager."

And just in case we need reminding why this is important, the following stats make sobering reading. If your data is compromised, weak passwords can have serious consequences, like identity theft. Companies reported a staggering 5,183 data breaches in 2019 that exposed personal information, such as home addresses and login credentials, that could easily be used to steal your identity or commit fraud. And that pales in comparison with the more than 555 million stolen passwords that hackers on the dark web have published since 2017.
