A strong password is normally a string of characters that are required for an authentication process. For most of us, this authentication process will be accessing a variety of online accounts. Some of these online accounts will hold some of our most sensitive data.

Good cybersecurity practices state the importance of having a complex password. However, individuals often overlook passwords which is a fundamental area that should be given more attention to when safeguarding sensitive data.

With the threat landscape rapidly changing and becoming more advanced, it’s been reported that the number of data breaches and identity theft cases is on the rise and one of the causes of this is due to compromised passwords.

Following the guidance from The National Cyber Security Centre, we’re going to discuss how you can go about ensuring that your passwords are strong and complex enough to keep your data safe.


What should be considered when creating a password?

When creating a new password or when changing an existing one, you will want to incorporate the following elements to ensure it can be classed as strong:

  • Making sure that the password is long – having a longer password means that it will be more secure – you should aim to make it at least 12 characters
  • Make sure that the password is random – using strings of characters that have no relevance to each other or a sequence of words that wouldn’t be considered in the same sentence
  • Making the password unique – this means ensuring that each of your online accounts has a different password so that you can reduce the vulnerability in the event of a hack


What does The National Cyber Security Centre recommend?

Three Random Words

When thinking about creating a strong password you may still have the perception that you should include numbers, characters, and capital letters – making it as long and as complex as possible.

However, The National Cyber Security Centre found that while this advice created complex passwords, it was hard for users to remember and many still don’t use a password manager, so writing these passwords down also comprises the safety of individual’s data if not stored in a secure place.

Cybercriminals have also become more sophisticated with access to a range of new software that can help them crack simple passwords to even the more complex ones that use the old format of special characters and numbers. The sequences in the software pick up that the exclamation mark is quite common and has become a lot more advanced at picking up the special characters.

Upon reviewing the old guidance, The National Cyber Security Centre recommends that to create a strong complex password that is easy for a user to remember they should follow the format of using three random words.

You may be wondering if three random words are secure? Here’s why it’s recommended:

  • Three random words create a good length to your password, multiple words will generally be longer than passwords that are made from single words. The old guidance that you may be used to always emphasises the length of your passwords and is generally a recommended requirement. By using three random words you ensure you get a good length but also avoid predictable patterns in your passwords.
  • Three random words create novelty for your passwords. The National Cyber Security Centre knows that a lot of users tend to use stereotypical words that could be a single dictionary word or name which creates a lot of predictable characters. Three random words encourage users to consider alternative passwords that they wouldn’t have used before due to the complexity that it promotes in using more than just one common word.
  • Three random words also promote usability for a user. Previously enforcing the complex requirements that we are all used to makes it difficult for the users to remember and generate a strong password without having to reset it multiple times. By adopting the use of three random words you can create a strong password but also one that you have a chance of remembering.

The biggest benefit of using three random words is that it creates a nonsensical order and can be a sentence that has been chopped and swapped with a pattern only the user knows. This allows the user to have a long and strong password that they have a chance of remembering but it also tricks cybercriminals when they use the software as the dictionary doesn’t list multiple words together.

What not to include when selecting your three random words:

Not include in your password

When considering choosing three random words for your password, you still need to adhere to the previous advice of not selecting information that is relevant to your life and that can be easily found after a review of your social media pages, you need to make it hard for cybercriminals to guess and make it as irrelevant to any accessible information as you can.

Here are some things you should not include in your password as part of your three random words:

  • Pets name
  • Birthday or that of family members
  • Any words related to your hobby or job
  • Part of your home address or where you live
  • Your name or name of a family member
Further guidance for creating your passwords:

Secure Email

Following the guidance mentioned above about creating long and complex passwords for each of your accounts, there is one thing you do need to consider and that is a strong and separate password for your email account.

Your email is one place that holds the most sensitive data that you have and if your password for this is common and easy to guess then the hacker will have access to a variety of information stored in your email and may even gain access to your other accounts.

So, make sure you choose a good nonsensical order for your email account, choosing the most three random words to ensure your data here is safeguarded.

For more guidance on the use of three random words click here.

To find out more about what we do click here.