Choosing passwords: the three random words method

With our personal and work lives now requiring us to have so many passwords, it is difficult to keep coming up with new passwords.

The National Cyber Security Centre (NCSC) have been championing the three random words method as a strategy to help with this problem. This method involves choosing three words at random and combining them to make a password, for example: paperhumbleconnect.

Weak passwords can be easily cracked, but the longer and more unusual your password is, the more difficult it is for a cybercriminal to crack it.

In recent years much advice has been given about using long, complex passwords that contain random letters, numbers and symbols. However, generating, remembering, and entering this kind of password is impractical for most of us.

So, faced with yet another password to choose we may be tempted to opt for a variation of a familiar word, name or date, or perhaps reuse a password we use elsewhere. Common tactics include substituting numbers for letters.

Of course, the problem then is that tactics are familiar to cyber criminals who adjust their approach to match.

While a random password created by a password manager may be the strongest option, NCSC note that take-up of password managers remains very low. And security that is not usable for people doesn’t work.

The three random words method is considered to be long enough and strong enough for most purposes and is easy enough for most people to understand and use.

NCSC also say that if you want to write your password down, that’s ok, as long as you keep your written note somewhere safe.

See: https://www.ncsc.gov.uk/collection/top-tips-for-staying-secure-online/three-random-words