The British cybersecurity authority NCSC (National Cyber Security Center ), when recommending secure passwords, advocated using a combination of three randomly selected words when finding a password. The NCSC cited the words coffeetrainfish or walltinshirt as examples. The idea behind it: The passwords created in this way are easy to remember, longer than some previously used – such as the name of the wife – and overall more difficult to crack. Now the NCSC has once again emphatically brought the rule into play.
3 random words more secure than complex passwords
According to this, passwords found in this way – such as chair coin socket – could be more effective and thus more secure from attacks Be more cyber criminals than more complex passwords. Ultimately, according to the experts, they were aimed precisely at such passwords. For example, if you only replace the two letters s with the digits five in your password and add the o with a zero and an exclamation mark, you should meet the requirements for creating passwords, for example for online accounts. Cyber criminals would check this type of letter-number combination long ago.
The enforcement of complexity requirements, such as the mandatory use of special characters and numbers, leads, contrary to the intended purpose, to the creation of more predictable passwords, according to the authorities. Passwords created from three random words, on the other hand, tend to be longer and harder to predict. In addition, letter combinations are used that were more difficult to recognize for the algorithms used by cyber criminals, according to the NCSC.
Three random words easier to remember
However, the experts point out that the three random words rule is not 100 percent secure. The big advantage is that it is easier for users to memorize a password made up of three randomly selected passwords than a really complex one made up of a large number of letters, numbers and special characters. Ultimately, it is of course the safest way to use a password manager, but its acceptance is still very low. If you look around in the lists of the most frequently used passwords – à la Password1234 – there could be something to the NCSC idea.
