Just about everything you do online requires a password. Passwords make sense in that you don’t want someone to access, say, your bank account. But what is the best way to create a strong password?
It can be hard to remember all the passwords for all the accounts and apps that we use, and it is sometimes tempting to re-use them across multiple accounts. The downside is that once one of your passwords is compromised, every account that shares it is compromised too. So, what do you do?
In a recent blog post, the UK’s National Cyber Security Centre (NCSC) recommends using three random words when choosing a password. The NCSC gives three reasons for this approach:
- Length: three words are normally longer than a single word would be.
- Novelty: it is less likely that the three random words you come up with are the same, and in the same order, as someone else’s.
- Usability: it is easier for the user to come up with three random words, and to remember them, than a complex range of jumbled letters and numbers.
In addition, the NCSC notes that “our minds struggle to remember random character strings, so we use predictable patterns (such as replacing the letter ‘o’ with a zero) to meet the required 'complexity' criteria.” The NCSC also argues that more complex passwords can be ineffective as their makeup can often be guessed by criminals using specialist software to “brute force” their way in.
Another strategy for stronger passwords is to use a password manager. A password manager stores all your passwords for you, so all you need to remember is one strong password. The password manager can also help you create a long, complex password of random letters and numbers that you don’t have to remember. The NCSC also recommends the use of password managers but notes that password manager adoption remains "very low". Its three random words suggestion is aimed at users who aren't aware of password managers or who don't want to use them.
Whether you opt to use a password manager or the three random words strategy, it will be more secure than choosing something like “Pa55w0rd”, which is much easier to guess. To add another layer of security to your logins, use multifactor authentication.
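As an added illustration (not code from the NCSC or from this post), the Python sketch below flags passwords that are only a common word with predictable substitutions, and generates a three-random-word passphrase. The word list, deny list, separator and function names are constructed for the example; a real word list would be thousands of words long.

```python
import math
import secrets

# Constructed sample data (assumption): use a word list of thousands of words
# and a full common-password deny list in practice.
WORDS = ["coffee", "train", "fish", "wallet", "orbit", "lantern", "maple",
         "harbor", "pencil", "thunder", "velvet", "cactus", "ribbon",
         "glacier", "tunnel", "mango"]
COMMON = {"password", "letmein", "welcome", "qwerty"}

# Predictable swaps used to satisfy "complexity" rules, mapped back to letters.
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a",
                      "5": "s", "7": "t", "@": "a", "$": "s"})


def normalise(password):
    """Lower-case and undo the swaps so look-alike passwords compare equal."""
    return password.lower().translate(LEET)


def is_predictable(password):
    """True if the password is a common one in disguise, with or without
    trailing digits or punctuation (e.g. 'Pa55w0rd1!')."""
    core = password.rstrip("0123456789!?.")
    return normalise(password) in COMMON or normalise(core) in COMMON


def three_random_words(words=WORDS, sep="-"):
    """Pick three words independently using the OS CSPRNG."""
    return sep.join(secrets.choice(words) for _ in range(3))


def passphrase_bits(list_size, count=3):
    """Bits of guessing work if the attacker knows the list and the method."""
    return count * math.log2(list_size)


if __name__ == "__main__":
    for candidate in ("Pa55w0rd", "Pa55w0rd1!", three_random_words()):
        print(candidate, "-> predictable" if is_predictable(candidate) else "-> ok")
    print("16-word sample list:", passphrase_bits(len(WORDS)), "bits")
    print("7776-word list:", round(passphrase_bits(7776), 1), "bits")
```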
If you need help setting up cyber security policies, including password policies, contact QuickProtect.