Strong passwords: British authorities recommend a rule of 3 random words

note: We have used commission links in this article and have marked them with an “*”. If an order is placed via these links, t3n.de receives a commission.

The idea is not new. But the UK’s Cyber ​​Security Agency again strongly recommends the three-word random rule for secure passwords. But it’s also not 100% certain.

In October 2016, the British cybersecurity authority NCSC (National Cyber ​​Security Center) recommended the use of a combination of three randomly chosen words when it comes to recommending secure passwords. The National Center for Sports Security cited the words coffeetrainfish or walltinshirt as examples. The idea behind it: Passwords created in this way are easy to remember, are longer than some previously used ones – like the wife’s name – and are generally more difficult to decipher. Now, the National Center for Sports Security has definitively restarted the rule.

Accordingly, passwords found in this way – such as chair coin sockets – can be more effective and therefore more secure against cybercriminal attacks than more complex passwords. after every thing, So the expertsThey were specifically targeting these passwords. For example, if you replace only the two s with the digits five in your password and add an o with a zero and an exclamation point, it must meet the requirements for creating passwords, for example for online accounts. Cybercriminals have been investigating this type of letter-number combination for a long time.

the Enforce complexity requirementsContrary to intended use, such as the mandatory use of special characters and numbers, it leads to the creation of passwords that are more predictable, according to the authorities. On the other hand, passwords generated from three random words tend to be longer and harder to predict. In addition, combinations of characters that were more difficult to identify are used for algorithms used by cybercriminals, according to the NCSC.

However, experts point out that the three random word rule is not 100% safe. The big advantage is that it is easier for users to remember a password of three randomly selected passwords than an already complex password consisting of a large number of letters, numbers and special characters. In the end, of course, it is the safest method Use a password manager, but their acceptance is still very low. If you look at the listings Most used passwords – à la Password1234 – Hmm, there could be something to an NCSC idea.

You may also be interested in it