Strong passwords: British authorities recommend 3 random words rule
Secure passwords – still an important topic. (Image: Hamik / Shutterstock)
The idea is not new. But the UK cybersecurity agency again strongly recommends the 3 random words rule for secure passwords. But it is not 100 percent sure either.
In October 2016, the British cybersecurity authority NCSC (National Cyber Security Center) recommended using a combination of three randomly selected words when it came to recommending secure passwords. The NCSC named the words coffeetrainfish or walltinshirt as examples. The idea behind it: The passwords created in this way are easy to remember, longer than some previously used – such as the name of the wife – and overall more difficult to crack. Now the NCSC has emphatically brought the rule back into play.
Contents
3 random words more secure than complex passwords
According to this, passwords found in this way – such as chair coin sockets – could be more effective and thus more secure against attacks by cyber criminals than more complex passwords. After all, so the experts, they aimed precisely at such passwords. For example, if you only replace the two letters s with the digits five in your password and add the o with a zero and an exclamation mark, you should meet the requirements for creating passwords, for example for online accounts. Cyber criminals would long ago also check this type of letter-number combination.
The enforcement of complexity requirements, such as the mandatory use of special characters and numbers, leads, contrary to the intended purpose, to the creation of more predictable passwords, according to the authorities. Passwords created from three random words, on the other hand, tend to be longer and harder to predict. In addition, letter combinations are used that were more difficult to recognize for the algorithms used by cyber criminals, according to the NCSC.
Three random words easier to remember
However, the experts point out that the three random words rule is not 100 percent secure. The big advantage is that it is easier for users to remember a password made up of three randomly selected passwords than a really complex one made up of a large number of letters, numbers and special characters. Ultimately, it is of course the safest way to use a password manager, but its acceptance is still very low. If you look around in the lists of the most frequently used passwords – à la Password1234 – there could be something to the NCSC idea.
