When choosing a new password, it’s best to avoid those comprising random characters and instead create one that’s made up of three random words, that’s according to the latest advice from experts at the National Cyber Security Centre (NCSC), part of the Government Communications Headquarters (GCHQ). the NCSC says such three-word passwords not only contain a sufficiently unusual combination of letters but are also much easier to remember compared to a random series of characters.
The government agency said that techniques people use to add special characters to passwords in an effort to increase their complexity (such as replacing the letter ‘O’with zeros and adding exclamation marks) are often flawed. Attackers are aware of such techniques and use algorithms to spot them, the NCSC also criticized websites that enforce the use of special characters within passwords, highlighting that people simply fall back on variations of passwords they’ve previously used, making them less secure.
NCSC technical director Dr Ian Levy said: “Traditional password advice telling us to remember multiple complex passwords is simply daft, there are several good reasons why we decided on the three random words approach -not least because they create passwords which are both strong and easier to remember. “By following this advice, people will be much less vulnerable to cybercriminals, and I’d encourage people to think about the passwords they use on their important accounts, and consider a password manager.” If you don’t yet use a password manager for your online accounts, we recommend Bitwarden. This free service lets you create and share unlimited passwords across all your devices.