Just three random words strung together make a better password than complex string of alphabets, numbers and special characters, suggests government experts

Complex Passwords Three Words
Just Three Random words make a powerful password? Pic credit: Christiaan Colen/Flickr

Tech companies, cybersecurity experts, and internet giants have long suggested using a complex string of alphabets, numbers, and special characters as passwords. However, a string of just three random words makes for a better password, suggested some government experts.

The National Cyber Security Centre (NCSC) for the United Kingdom has suggested using a three-word system to secure accounts. These passwords are obviously a lot easier to remember, and apparently make a surprisingly effective barrier to account breaches.

Why is a string of three random words a better password than a complex string of alphabets, numbers, and symbols?

Passwords are still a growing concern for online or web-based platforms. Poor password hygiene is one of the major reasons why hackers and threat actors can quickly and effectively breach multiple accounts using just a single breakthrough.

Despite repeated warnings, default passwords or simple passwords such as ‘1234’, ‘password’, ‘admin’, etc. are quite common. Several experts have urged users to change their passwords to something more complex. Users must also routinely change passwords to their most sensitive accounts.

Several cybersecurity experts have agreed that passwords leveraging complex sequences of uppercase letters, lowercase letters, numbers, and symbols, are effective. However, the National Cyber Security Centre (NCSC) seems to suggest otherwise.

NCSC is a part of the Government Communications Headquarters for the United Kingdom. The agency has suggested that three words that are easy to remember, could collectively become a better password than a complex string.

The most obvious aspect of the three-word password is the simplicity for the user. These are words that users can easily remember. On the other end, the system sees the password as an unusual combination of letters. Simply put, computers and hence cybercriminals, now face a password that consists of a long chain of alphabets.

Should Internet users stop using complex passwords that security experts, web, and online companies suggest?

The agency has indicated that complex passwords are undoubtedly very difficult to decipher, guess or crack. By their very nature, the often recommended complex passwords offer more than enough security.

However, Internet users routinely take some simple shortcuts while creating a recommended complex password. While attempting to create complex passwords, users often choose predictable and exploitable patterns. An exclamation mark to denote 1, or a zero replacing ‘o’, are prominent examples.

Cybercriminals target predictable strategies that companies suggest to make passwords more complex. Speaking about the phenomenon, NCSC’s technical director, Dr. Ian Levy said:

“Traditional password advice telling us to remember multiple complex passwords is simply daft. There are several good reasons why we decided on the three random words approach – not least because they create passwords which are both strong and easier to remember.”

“By following this advice, people will be much less vulnerable to cybercriminals and I’d encourage people to think about the passwords they use on their important accounts, and consider a password manager.”

As Dr. Levy indicated, the three-word password isn’t 100 percent effective. But users have devised easy-to-remember techniques that cybercriminals have now factored into their code-breaking manuals and software.

The most obvious solution to the password issue is using a reliable password manager. There are several options that offer to remember login credentials. And they suggest passwords with a lot of complexity.

Subscribe
Notify of
guest
0 Comments
Inline Feedbacks
View all comments
0
Would love your thoughts, please comment.x
()
x