Three random words: how to mitigate growing password threats

Three random words make better passwords than those with complicated upper- and lower-case characters, or those with special characters such as exclamation marks or asterisks, CISOs told.


In a recent blog post, the National Cyber Security Centre (NCSC) said that enforcing complexity requirements is a poor defence against guessing attacks, and that using three random words to create a password was much better.

“Counter-intuitively, the enforcement of these complexity requirements results in the creation of more predictable passwords. Faced with making yet another password with specific requirements, users fall back on variations of something they already know and use, falsely believing it to be strong because it satisfies password strength meters,” said Kate R, people team lead at the NCSC.
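The contrast described above can be put into numbers. The following Python sketch is an added example, not code from the NCSC or from this article: it shows a typical composition rule accepting a patterned password and rejecting a three-word passphrase, then compares the guessing entropy of each. The word list, the function names and the "word plus one digit plus one symbol" model are assumptions made for the illustration.

```python
import math
import secrets
import string

# Constructed sample list for the demo; a real deployment would load a list
# of several thousand common words so each word carries more entropy.
SAMPLE_WORDS = ["coffee", "train", "fish", "wall", "tin", "shirt", "river",
                "candle", "orbit", "maple", "pencil", "ladder", "cloud",
                "basket", "tiger", "window"]

def three_random_words(words=SAMPLE_WORDS, count=3, sep=""):
    """Pick `count` words independently with a CSPRNG (secrets, not random)."""
    return sep.join(secrets.choice(words) for _ in range(count))

def passphrase_bits(list_size, count=3):
    """Guessing entropy when every word is drawn uniformly from the list."""
    return count * math.log2(list_size)

def meets_complexity(password, min_len=8):
    """A typical composition rule: length plus upper, lower, digit, symbol."""
    return (len(password) >= min_len
            and any(c.isupper() for c in password)
            and any(c.islower() for c in password)
            and any(c.isdigit() for c in password)
            and any(c in string.punctuation for c in password))

def patterned_bits(base_words, digits=10, symbols=len(string.punctuation)):
    """Assumed model of the fallback habit in the quote: one familiar word,
    capitalised, followed by one digit and one symbol."""
    return math.log2(base_words * digits * symbols)

if __name__ == "__main__":
    # Constructed sample passwords: the rule rewards the pattern, not randomness.
    for pw in ("Summer1!", "coffeetrainfish"):
        print(f"{pw!r}: passes complexity rule = {meets_complexity(pw)}")
    n = 2048  # assumed size of both the word list and the pool of base words
    print(f"patterned password : {patterned_bits(n):.1f} bits")
    print(f"three random words : {passphrase_bits(n):.1f} bits")
    print("generated example  :", three_random_words(sep="-"))
```

The entropy figures hold only if the words are chosen by the generator; words a user picks by hand are as predictable as any other familiar pattern.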
