Password of three random words better than complex variation, say experts | Data and IT security

It’s far better to concoct passwords made up of three random words than to use more complex variations involving flows of letters, numbers and symbols, UK government experts have said.

The National Cyber ​​Security Center (NCSC), part of the Government Communications Headquarters, highlighted its recommendation of “three random words” in a new blog post.

He said that one of the main reasons for using the system is that it creates passwords that are easy to remember, but strong enough to protect online accounts from cybercriminals, due to their unusual combination of letters.

In contrast, more complex passwords can be ineffective as they are sometimes easier to guess for criminals and the software they create to detect them, according to the advice.

The agency says cybercriminals are targeting predictable means that are supposed to make passwords more complex, such as substituting the letter O with a zero or the number one with an exclamation point.

Criminals allow these kinds of patterns in their hacking software, which overrides any additional security of these passwords.

“Counterintuitively, applying these complexity requirements results in the creation of more predictable passwords,” the agency said.

Passwords constructed from three random words tended to be longer and harder to predict, and used letter combinations that were more difficult for hacking algorithms to detect, according to the advice.

The blog post admitted that using three random words was not 100% safe as people could use predictable word combinations, but said a major advantage of the system was its ease of use. “because the security that is not usable does not work”.

Cybercrime has skyrocketed during the pandemic, with online fraud increasing 70% in the past year, according to data from the Office for National Statistics.

“Traditional password advice telling us to remember multiple complex passwords is just plain stupid,” NCSC technical director Dr Ian Levy told the centre’s website.

“There are several good reasons we chose the three random words approach – not least because they create passwords that are both strong and easier to remember.

“By following this advice, people will be much less vulnerable to cybercriminals and I would encourage people to think about the passwords they use on their important accounts and to consider a password manager.”