Three random words are still one of the best passwords, experts say

Watch Dogs Legion
(Image credit: Ubisoft)

The UK's National Cyber Security Centre would like to politely remind you that three random words are a good, secure password. Why am I telling you this? Because everything, increasingly, wants you to have a unique account and password for its service.

Citing several ideas like length, impact, novelty, and usability as reasons to choose three-word passwords, the NCSC recommends a three-word password because it bypasses some of the most common ways that criminals crack passwords. These are things like single words with predictable substitutions (5 for S, or ! for 1) and brute-force techniques that rely on shorter passwords to succeed. "The stereotypical password is a single dictionary word or name, with predictable character replacements," says the NCSC.

In contrast, a three-word password is something you can realistically remember or store in a secure location like a password manager. It's also easy to adopt and modify for different sites' requirements, as opposed to generating random strings of characters.

You can read the full post on the value of the three-word password, or passphrase, on the NCSC website. It's a pretty accessible breakdown.

The three-word password is one of the NCSC's most popular topics, apparently, even some five years after it first wrote on the topic. The recent blog post revisits the idea in light of developments since then and concludes that, yep, it's still a good one.

The NCSC is a UK government entity that exists to research, fight, and raise awareness of cyber security issues. They work with global and domestic partners on these issues.

Contributor

Jon Bolding is a games writer and critic with an extensive background in strategy games. When he's not on his PC, he can be found playing every tabletop game under the sun.

Read more
Kinzie, in an FBI jacket, uses a computer with the logo of the Third Street Saints on it
Have I Been Pwned adds over 284 million compromised passwords from latest breach
The Buffalo RUF3-KEV USB drive on a red-orange gradient
This USB flash drive has a built-in anti-malware system, but I still wouldn't use one I found in a parking lot
A word puzzle shaped like a flower
I only just noticed this, but Merriam-Webster has put together a solid collection of free daily puzzle browser games
Mature professional business man suffering from a headache while working online on computer checking emails alone at work. One male manager feeling overworked, stressed and tired due to a deadline - stock photo
A 2023 study concluded CAPTCHAs are 'a tracking cookie farm for profit masquerading as a security service' that made us spend 819 million hours clicking on traffic lights to generate nearly $1 trillion for Google
A digitally generated image of abstract AI chat speech bubbles overlaying a blue digital surface.
We need a better name for AI, or we risk talking past each other until actually intelligent AGI comes home mooing
An image of a fake Bitcoin with a laptop in the background displaying financial data
North Korean hackers are said to have stolen $1,300,000,000 in crypto in 2024, an estimated 61% of the total funds swiped this year
Latest in Security
An FBI wanted poster for alleged hacker Zhou Shuai.
US Justice Dept announces $10 million bounty on at-large 'hacker-for-hire' cabal it says targeted China critics, religious missionaries, and the Treasury
Kinzie, in an FBI jacket, uses a computer with the logo of the Third Street Saints on it
Have I Been Pwned adds over 284 million compromised passwords from latest breach
A still from a YouTube video of Senator Mark Warner speaking
Telecoms hack on US government officials is 'worst in nations history' and 'the barn door is still wide open' says senator
HDMI cable
Hackers can wirelessly spy on your display by collecting HDMI signal leaks and churning them through an AI, but I wouldn't break out the tin foil just yet
Computer code and text displayed on computer screens. Photographer: Chris Ratcliffe/Bloomberg
Forcing users to periodically change their passwords should go the way of the dodo according to the US government
An original Apple Macintosh Model M0001, as they celebrate 40th anniversary, is on display in between 2024 Apple models at the independent Apple products store chain Amac, on January 24, 2024 in Utrecht, The Netherlands. Based on the Motorola 68000 microprocessor, the Macintosh was the first successful mouse-driven computer with a graphical user interface.
Major browser providers scramble to patch an 18-year-old vulnerability affecting MacOS and Linux systems but Windows remains gloriously immune
Latest in News
Gabe Newell in a Valve promotional video, on a yacht.
Go ahead and complain the discounts aren't as steep as they used to be, but Steam just had its biggest year ever for seasonal sales
Valve Steam Deck OLED handheld PC
'The future of hardware at Valve is bright': Valve celebrates the success of Steam Deck and Steam OS
Key art of the videogame Lunacid, showing a pale, long haired knight in purple armor contemplating a purple, flaming sword surrounded by the different phases of the moon.
One of my favorite indie RPGs is getting a follow-up made with FromSoftware's 25-year-old Super Mario Maker for first person dungeon crawlers
Kingdom Come: Deliverance 2 image - Henry riding a pink and blue striped horse while holding a fish
Kingdom Come: Deliverance 2 now has Steam Workshop support, and of course one of the first mods lets you adjust the 'jiggle physics'
Still image of Bastion holding a bird, taken from Microsoft's Copilot for Gaming reveal trailer
Microsoft unveils Copilot for Gaming, an AI-powered 'ultimate gaming sidekick' that will let you talk to your console so you don't have to talk to your friends
Erenshor - A player and two simulated MMO party members stand on a plateau in front of a yellow landscape
This RuneScape-looking 'simulated MMORPG' has all the nostalgia without the drama because all the other 'players' are NPCs