
Choosing Secure Passwords: Three Random Words

  • Writer: Philip Brooker
  • Apr 20, 2024
  • 2 min read

One of the most common challenges IT users face is creating strong yet memorable passwords. The National Cyber Security Centre (NCSC) has provided a refreshingly simple solution to this age-old problem: use "Three Random Words".


What is "Three Random Words"?

The NCSC's "Three Random Words" guidance encourages users to create passwords by stringing together three random, unrelated words. This method makes passwords much more difficult to guess and, at the same time, easier to remember.


Why use Three Random Words?

1. Easy to remember, yet difficult to guess

  • Memorable: Three words are easier to recall than a jumble of characters, reducing the need for note-taking or insecure methods of storing passwords. A password such as "M&4$*!!)" is more difficult to remember, yet less secure, than "UmbrellaWheatBoat".

  • Hard to guess: Despite its simplicity, this method creates passwords that are long and incredibly strong. The combination of three unrelated words adds a layer of complexity that's tough for attackers to crack, even when using automated software designed for the purpose.

2. Unpredictability and variation

  • Randomness: Using unrelated words ensures unpredictability, making it difficult for hackers to guess your password.

  • Variety: With millions of words to choose from, the possibilities are almost endless. From "PizzaUnicornSpace" to "SunflowerChocolateDragon," the number of possible combinations is enormous.

Implementing "Three Random Words" in Practice

  • Length matters: All passwords should be a minimum of 12 characters in length.

  • Choose wisely: Select words that are truly random, unrelated and not connected to your personal identity. This ensures maximum security. Most modern password managers offer a feature to securely generate passwords.

  • Complexity requirements: For added complexity (often required by systems and websites), add numbers and special characters to the end of the password.

  • Use a unique password per account: Each user account should have its own unique "Three Random Words" password, preventing a breach in one account from compromising others.

  • Store passwords securely: Consider the use of a secure password manager (such as 1Password or Bitwarden) to store your passwords securely. This avoids the need to remember all of your passwords and eliminates any benefit to reusing the same password for multiple services.

  • Security Potential: Expand beyond three words for a longer passphrase, such as "GreenJellyfishRunningFast", for even greater security. The more random words you use, the stronger the password will be!
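
An added example, not part of the original post or of NCSC material: a Python sketch of how a generator can pick the words with the operating system's secure random source, enforce the 12-character minimum above, append a digit and symbol when a site demands it, and report how strength grows with each extra word. The word list is a small constructed sample, and the function names and symbol set are illustrative assumptions; a real generator needs a list of thousands of words.

```python
import math
import secrets
import string

# Constructed sample list for illustration only. A real generator needs
# thousands of words: a short list like this one is quick to exhaust.
SAMPLE_WORDS = [
    "umbrella", "wheat", "boat", "pizza", "unicorn", "space", "sunflower",
    "chocolate", "dragon", "green", "jellyfish", "running", "fast", "lantern",
    "gravel", "violin", "cactus", "harbour", "pepper", "meadow", "anchor",
    "biscuit", "thunder", "copper", "walnut", "glacier", "ribbon", "tunnel",
    "orchid", "saddle", "velvet", "marble",
]
MIN_LENGTH = 12          # minimum length given in this article
SYMBOLS = "!#$%&*?@"     # assumed set; match what the target site accepts


def passphrase_bits(word_count, list_size):
    """Entropy in bits when every word is drawn uniformly at random."""
    return word_count * math.log2(list_size)


def generate(words=SAMPLE_WORDS, word_count=3, add_complexity=False):
    """Build a passphrase such as 'UmbrellaWheatBoat' from random words."""
    if word_count < 3:
        raise ValueError("use at least three words")
    pool = sorted({w.lower() for w in words})
    if word_count * max(map(len, pool)) < MIN_LENGTH:
        raise ValueError("word list cannot reach the minimum length")
    while True:
        # secrets draws from the OS CSPRNG; the random module is predictable.
        picked = [secrets.choice(pool) for _ in range(word_count)]
        phrase = "".join(w.capitalize() for w in picked)
        if len(phrase) >= MIN_LENGTH:   # redraw if the result is too short
            break
    if add_complexity:
        # Digit and symbol appended at the end, as the article suggests.
        phrase += secrets.choice(string.digits) + secrets.choice(SYMBOLS)
    return phrase


if __name__ == "__main__":
    print(generate(), generate(word_count=4, add_complexity=True))
    for n in (3, 4, 5):
        print(n, "words:", round(passphrase_bits(n, len(SAMPLE_WORDS))), "bits")
```

The bit count depends on the size of the word list and on the words being chosen by the generator rather than by the user, which is why hand-picked or related words are weaker than the figure suggests.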

Conclusion: Simple, Secure, Memorable

The "Three Random Words" guidance from the NCSC presents a straightforward yet effective method for creating strong passwords. By embracing this approach, you're enhancing your security.

Next time you're prompted to create a password, think of the NCSC's guidance. Whether it's for work, personal email, social media, or banking, "Three Random Words" can be the key to a more secure online presence.


 
 

© 2026 by BlueHat Cyber Ltd. All rights reserved.


BlueHat Cyber Ltd. is a limited company registered in England and Wales. Registered number: 15306261. 
Registered office: 960 Capability Green, Luton, United Kingdom, LU1 3PE
