Tech companies, cybersecurity experts, and internet giants have long suggested using a complex string of letters, numbers, and special characters as passwords. However, some government experts suggest that a string of just three random words makes for a better password.
The National Cyber Security Centre (NCSC) for the United Kingdom has suggested using a three-word system to secure accounts. These passwords are obviously a lot easier to remember, and apparently make a surprisingly effective barrier to account breaches.
Why is a string of three random words a better password than a complex string of letters, numbers, and symbols?
Passwords are still a growing concern for online or web-based platforms. Poor password hygiene is one of the major reasons why hackers and threat actors can quickly and effectively breach multiple accounts using just a single breakthrough.
Despite repeated warnings, default passwords or simple passwords such as ‘1234’, ‘password’, ‘admin’, etc. are quite common. Several experts have urged users to change their passwords to something more complex. Users must also routinely change passwords to their most sensitive accounts.
Several cybersecurity experts have agreed that passwords leveraging complex sequences of uppercase letters, lowercase letters, numbers, and symbols are effective. However, the National Cyber Security Centre (NCSC) seems to suggest otherwise.
NCSC is a part of the Government Communications Headquarters for the United Kingdom. The agency has suggested that three words that are easy to remember could collectively become a better password than a complex string.
15% of British people use their pet's name as a password!
— TVP Cyber and Fraud (@TVPCyber_Fraud) May 14, 2021
The most obvious aspect of the three-word password is the simplicity for the user. These are words that users can easily remember. On the other end, the system sees the password as an unusual combination of letters. Simply put, computers, and hence cybercriminals, now face a password that consists of a long chain of letters.
Should Internet users stop using the complex passwords that security experts and web and online companies suggest?
The agency has indicated that complex passwords are undoubtedly very difficult to decipher, guess or crack. By their very nature, the often-recommended complex passwords offer more than enough security.
However, Internet users routinely take some simple shortcuts while creating a recommended complex password. While attempting to create complex passwords, users often choose predictable and exploitable patterns. An exclamation mark to denote 1, or a zero replacing ‘o’, are prominent examples.
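The predictable patterns described above can be screened for when a password is set. The following is an added example, not code from NCSC or from this article: it undoes common character swaps before checking a candidate against a common-password list, and generates a three-random-word passphrase for comparison. The word list, the common-password list, the swap table beyond the two swaps named in the text, and all function names are assumptions made for illustration.

```python
import math
import secrets
import string

# Constructed sample data. Assumption: a real service would load a large
# common-password list and a word list of several thousand entries from files.
COMMON = {"password", "admin", "1234", "qwerty", "letmein"}
WORDS = ["apple", "river", "candle", "orbit", "tiger", "marble", "window", "planet"]

# Predictable character swaps. "0" for "o" and "!" standing in for "1" come
# from the text; the others are illustrative assumptions, not a complete table.
SUBS = str.maketrans({"0": "o", "!": "i", "1": "i", "@": "a", "$": "s", "3": "e"})


def is_predictable(password: str) -> bool:
    """True if the password is a common one, or becomes one after undoing
    the usual swaps and dropping a trailing run of digits and symbols."""
    low = password.lower()
    core = low.rstrip(string.digits + string.punctuation).translate(SUBS)
    return low in COMMON or core in COMMON


def three_random_words(words=WORDS, count=3, sep="-") -> str:
    """Pick words uniformly with the OS CSPRNG; the randomness must come from
    the generator, not from the user choosing words that feel random."""
    return sep.join(secrets.choice(words) for _ in range(count))


def passphrase_bits(wordlist_size: int, count: int = 3) -> float:
    """Strength in bits of `count` words drawn uniformly from the list."""
    return count * math.log2(wordlist_size)


if __name__ == "__main__":
    for candidate in ["P@ssw0rd!", "Adm1n2021", "1234", three_random_words()]:
        verdict = "reject" if is_predictable(candidate) else "accept"
        print(f"{candidate!r}: {verdict}")
    # The 8-word sample list is far too small for real use (9 bits).
    print(f"3 words, {len(WORDS)}-word list: {passphrase_bits(len(WORDS)):.1f} bits")
```

The strength of a generated passphrase depends on the size of the word list, so the eight-word sample list here only demonstrates the mechanics.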
Better to measure password strength in bits of security (i.e., 128-bit password would be far stronger than three words in most cases depending on wordlist, character space). Many crypto wallets encode 128 bits secret key/seed to 12 word mnemonic. https://t.co/SlOD3HSZ7V
— Steven Hatzakis, Fintech Researcher & Consultant (@shatzakis) August 8, 2021
Cybercriminals target predictable strategies that companies suggest to make passwords more complex. Speaking about the phenomenon, NCSC’s technical director, Dr. Ian Levy said:
“Traditional password advice telling us to remember multiple complex passwords is simply daft. There are several good reasons why we decided on the three random words approach – not least because they create passwords which are both strong and easier to remember.”
“By following this advice, people will be much less vulnerable to cybercriminals and I’d encourage people to think about the passwords they use on their important accounts, and consider a password manager.”
Happy National Password Day!
— Bookatechy.com (@Bookatechy) May 2, 2019
As Dr. Levy indicated, the three-word password isn’t 100 percent effective. But users have devised easy-to-remember techniques that cybercriminals have now factored into their code-breaking manuals and software.
The most obvious solution to the password issue is using a reliable password manager. There are several options that offer to remember login credentials. And they suggest passwords with a lot of complexity.