Three random words better than more complex passwords – GCHQ

7 August 2021, 07:14


The advice comes as cyber crime rises during the pandemic.

It is far better to concoct passwords made up of three random words than use more complex variations involving streams of letters, numbers and symbols, Government experts have said.

The National Cyber Security Centre (NCSC), part of Government Communications Headquarters (GCHQ), highlighted its “three random words” recommendation in a new blog post.

It said a key reason for using the system is that it creates passwords that are easy to remember yet strong enough to keep online accounts secure from cyber criminals, owing to their unusual combination of letters.

By contrast, more complex passwords can be ineffective because they can be more guessable for criminals and the software they build to detect them, the advice says.

The agency says cyber criminals target the predictable tricks people use to make passwords look more complex – like substituting the letter o with a zero, or the number one with an exclamation mark.

Criminals allow for such patterns in their hacking software, which negates any desired added security from such passwords.

“Counter-intuitively, the enforcement of these complexity requirements results in the creation of more predictable passwords,” the agency said.

By contrast, passwords constructed from three random words tended to be longer and harder to predict, and used letter combinations which were more difficult for hacking algorithms to detect.

The blog post concedes the three random words approach was not 100% safe since people might use predictable word combinations, but said a major advantage of the system was its usability “because security that’s not usable doesn’t work”.
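The contrast the agency draws can be made concrete. The sketch below is an added example, not code from the NCSC or from this article: a checker that undoes predictable substitutions to show that a "complex" password is still a single dictionary word, next to a three-random-words generator and a guessing-space comparison. The dictionary, the wordlist, the extra substitutions and every size figure are assumptions constructed for illustration.

```python
import math
import secrets

# Reverse the substitutions the article names (0 for o, ! for 1); the
# other three entries are common ones added here as an assumption.
UNSUBSTITUTE = str.maketrans({"0": "o", "!": "1", "@": "a", "3": "e", "$": "s"})

def candidate_base_words(password):
    """Undo predictable substitutions, with and without trailing digits/'!'."""
    lowered = password.lower()
    stripped = lowered.rstrip("0123456789!")
    return {lowered.translate(UNSUBSTITUTE), stripped.translate(UNSUBSTITUTE)}

def is_dictionary_based(password, dictionary):
    """True if the password is one dictionary word behind a predictable disguise."""
    return not candidate_base_words(password).isdisjoint(dictionary)

def mangled_word_bits(dictionary_size, variants_per_word):
    """Guessing space when every dictionary word is tried in every variant."""
    return math.log2(dictionary_size * variants_per_word)

def passphrase_bits(wordlist_size, words=3):
    """Guessing space for words drawn uniformly at random from a wordlist."""
    return words * math.log2(wordlist_size)

def three_random_words(wordlist, count=3, sep="-"):
    """Pick words with a CSPRNG so the combination itself is not predictable."""
    return sep.join(secrets.choice(wordlist) for _ in range(count))

# Constructed sample data, for illustration only.
SAMPLE_DICTIONARY = {"password", "dragon", "monkey", "sunshine"}
SAMPLE_WORDLIST = ["coffee", "train", "fish", "lamp", "river", "cactus",
                   "violin", "pebble"]

if __name__ == "__main__":
    for pw in ("P@ssw0rd!", "Drag0n2021", "coffee-train-fish"):
        verdict = "disguised dictionary word" if is_dictionary_based(
            pw, SAMPLE_DICTIONARY) else "not a single dictionary word"
        print(f"{pw:20} {verdict}")
    # Assumed sizes: 100,000-word dictionary, 1,000 variants per word,
    # and a 7,776-word list for the random-words generator.
    print(f"one mangled word:   {mangled_word_bits(100_000, 1_000):.1f} bits")
    print(f"three random words: {passphrase_bits(7_776):.1f} bits")
    print("example passphrase:", three_random_words(SAMPLE_WORDLIST))
```

The eight-word sample list is far too small for real use; the passphrase figure only holds when words are drawn at random from a list of the stated size, which is the caveat about predictable word combinations noted above.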


The guidance comes as cyber crime has soared during the pandemic, with online fraud rising 70% in the last year, according to data from the Office for National Statistics.

“Traditional password advice telling us to remember multiple complex passwords is simply daft,” NCSC technical director Dr Ian Levy says on the centre’s website.

“There are several good reasons why we decided on the three random words approach – not least because they create passwords which are both strong and easier to remember.

“By following this advice, people will be much less vulnerable to cyber criminals and I’d encourage people to think about the passwords they use on their important accounts, and consider a password manager.”

By Press Association
