Posted: 24th May 2022
With so much guidance available on how to set the perfect password, it can be hard to know what the best password strategy is. But we’re going to put our case forward in support of the ‘three random words’ approach.
The problem with the enforced complexity password strategy
We’ve all been there; your password must tick countless boxes to be accepted. You become so fixated on what feels like passing a test that by the time you get the green light, you have no idea what the final combination of letters, numbers and symbols was that got you there! So instead, you decide to make it logical and memorable – you use the name of your childhood pet but change the letter ‘A’ for a number four and stick an exclamation mark on the end for extra security.
Of course, hackers have sussed this password strategy and now the enforced complexity strategy designed to keep us all cyber-safe has ironically resulted in more predictable passwords.
It takes a hacker just 3 seconds to crack a 5-character password containing numbers and upper- and lower-case letters.
Learn more about password attacks and other common cyber attack methods.
Why the three random words password strategy works
Our minds find it very difficult to memorise long combinations of letters, numbers and symbols that mean nothing to us. But a password generated from three random words can help us create one that is unique, strong, and yet memorable.
It ticks the box for length
A password made of three random words is almost guaranteed to meet or exceed minimum length requirements.
A simple strategy for complex passwords
‘Three random words’ speaks for itself. Even those who don’t consider themselves knowledgeable users know what needs to be done.
Originality
With the freedom to get creative and even have a little fun with three random words, passwords will become more varied and unique.
Get some inspiration
The important thing to remember when adopting the three random words password strategy is to make each word clearly unrelated to the others. Using ‘onetwothree’ is not going to puzzle cyber criminals for very long.
Using a secure password generator like www.correcthorsebatterystaple.net helps ensure complexity and removes the human element which can unknowingly encourage predictability.
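As an added example (not code from this post or from the generator linked above), here is how three words can be picked with a cryptographically secure random source, and how the resulting search space compares with the 5-character mixed-case alphanumeric password mentioned earlier. The word list is a small constructed sample and the function names are illustrative assumptions; the figures only hold when the generator, not a person, chooses the words.

```python
import math
import secrets

# Constructed sample wordlist for illustration only; a real generator
# draws from a list of several thousand words.
SAMPLE_WORDS = [
    "anchor", "biscuit", "candle", "dolphin", "engine", "feather", "glacier",
    "hammock", "island", "jigsaw", "kettle", "lantern", "meadow", "nectar",
    "orbit", "pepper", "quarry", "ribbon", "saddle", "tunnel", "umbrella",
    "velvet", "walnut", "yoghurt", "zipper", "copper", "thistle", "marble",
    "parsnip", "trumpet", "gravel", "cactus",
]


def generate_passphrase(words, count=3):
    """Pick `count` distinct words using the OS CSPRNG, not the `random` module."""
    unique = sorted(set(words))
    if len(unique) < count:
        raise ValueError("wordlist too small for the requested word count")
    return secrets.SystemRandom().sample(unique, count)


def passphrase_bits(wordlist_size, count=3):
    """Entropy in bits of `count` distinct words drawn uniformly, order kept."""
    return math.log2(math.perm(wordlist_size, count))


def charset_bits(alphabet_size, length):
    """Entropy in bits of a uniformly random string over an alphabet."""
    return length * math.log2(alphabet_size)


def min_wordlist_size(target_bits, count=3):
    """Smallest wordlist for which `count` random words reach `target_bits`."""
    n = count
    while passphrase_bits(n, count) < target_bits:
        n += 1
    return n


if __name__ == "__main__":
    five_char = charset_bits(62, 5)  # digits plus upper- and lower-case letters
    print("passphrase:", "".join(generate_passphrase(SAMPLE_WORDS)))
    print(f"5-char alphanumeric: {five_char:.1f} bits")
    print(f"3 words from {len(SAMPLE_WORDS)}-word sample: "
          f"{passphrase_bits(len(SAMPLE_WORDS)):.1f} bits")
    print("wordlist size needed to match:", min_wordlist_size(five_char))
```

Three words from the 32-word sample are far weaker than the 5-character password; the list needs at least 973 words before three random picks match it, which is why the size of the generator's word list matters as much as the number of words.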
Arm your staff with the knowledge they need to help protect your business.
When you consider the National Cyber Security Centre was able to compile a list of 100,000 passwords that had been involved in cyber attacks, it’s easy to see why strong passwords are so important.
It’s a good idea to schedule password update days for all staff and promote original tips like the three random words strategy.
You should also invest in cyber security training for all staff. A good training session will educate them on password security and safe surfing as well as develop their awareness of cyber attack techniques such as phishing and other social engineering approaches that they could be targeted with.
Through experience, we know that arming your staff with this knowledge will make them more vigilant. That’s why we offer free cyber security workshops to all of our clients and their staff, tailored to their industry. To find out more, give us a call.