Three Random Words Make for Better Passwords than Complex Sequences, Experts Say

Tsing · Aug 7, 2021

Image: TheDigitalArtist (Pixabay)

Passwords leveraging complex sequences of uppercase letters, lowercase letters, numbers, and symbols are widely believed to be more secure than simpler alternatives, but that’s not something that cyber security experts in the U.K. agree with.

In a new blog post explaining why complexity requirements are overrated, the National Cyber Security Centre (NCSC) urged companies and other organizations to accept passwords comprising three random words as a more effective way of keeping users’ accounts secure.

Although complex strings make sense on a surface level, the NCSC argued that these requirements are actually more likely to result in weaker passwords, as they compel users into choosing predictable and exploitable patterns (e.g., replacing the letter “o” with a zero).

The NCSC believes that the use of three random words is preferable...

Auer · Aug 7, 2021

Just changed all my passwords to "ThreeRandomWords"

Brian_B · Aug 7, 2021

I’ve always heard to just use the opening line to a poem, song or nursery rhyme. Make it memorable, but long.

Grimlakin · Aug 8, 2021

Wow these guys must read xkcd and post what he did like 5 years ago.

https://xkcd.com/936/

Peter_Brosdahl · Aug 8, 2021

Brian_B · Aug 8, 2021

My wife thought I was crazy for using a password manager. We have some services that have those really difficult-to-meet password requirements, and just writing them down in a notepad was no longer cutting it.

So then I changed our bank account password to one of those 24 character random sequences. She stopped laughing and asked for the download for the app.

Three Random Words Make for Better Passwords than Complex Sequences, Experts Say

Tsing

The FPS Review

Auer

FPS Regular

Brian_B

FPS Enthusiast

Grimlakin

Forum Posting Supreme

Peter_Brosdahl

Moderator

Brian_B

FPS Enthusiast