https://www.theguardian.com/technology/2021/aug/07/password-of-three-random-words-better-than-complex-variation-experts-say

Password of three random words better than complex variation, experts say

UK National Cyber Security Centre recommends approach for improved combination of usability and safety

Online fraud has soared by 70% over the past year, according to data from the Office for National Statistics. Photograph: Tim Goode/PA

Robin McKie, Observer science editor
Sat 7 Aug 2021 07.29 EDT
Last modified on Sat 7 Aug 2021 10.48 EDT

It is much better to concoct passwords for online accounts that are made up of three random words as opposed to creating complex variations of letters, numbers and symbols, government experts have said.

In a blogpost, the National Cyber Security Centre (NCSC) - which is part of Government Communications Headquarters - said a three-word system creates passwords that are easy to remember. In addition, it creates unusual combinations of letters, which means the system is strong enough to keep online accounts secure from cybercriminals.

By contrast, more complex passwords can be ineffective as their makeup can often be guessed by criminals using specialist software.

The agency said cybercriminals targeted predictable strategies meant to make passwords more complex. Examples include substituting the letter O with a zero, or the number one with an exclamation mark. Criminals allow for such patterns in their hacking software, negating any added security from such passwords.

"Counterintuitively, the enforcement of these complexity requirements results in the creation of more predictable passwords," the agency said.

By contrast, passwords constructed from three random words tended to be longer and harder to predict, and used letter combinations that were more difficult for hacking algorithms to detect, it said.

The blogpost conceded that using three random words was not 100% safe, since people might use predictable word combinations, but said a major advantage of the system was its usability "because security that's not usable doesn't work".

Cybercrime has soared during the pandemic, with online fraud rising 70% over the past year, according to data from the Office for National Statistics.
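
The agency's point about predictable swaps, as an added Python example (not from the article or the NCSC): a password can satisfy a traditional complexity rule and still reduce to a common word once the swaps are undone, while three words picked at random do not. The word lists, the complexity rule, the function names and the use of a CSPRNG to pick the words are all assumptions made for illustration.

```python
import math
import re
import secrets

# Constructed sample data: a real check would use a large breached-password
# list, and a real generator a wordlist of several thousand words.
COMMON = {"password", "welcome", "football", "monkey", "hello"}
WORDLIST = ["copper", "lantern", "orbit", "velvet", "harbour", "pickle",
            "thunder", "maple", "quartz", "tunnel", "biscuit", "falcon",
            "glacier", "nutmeg", "saddle", "window"]

# Predictable swaps: zero for O and "!" for one (both from the article),
# plus other common ones, each mapped back to the letter it stands for.
UNSWAP = str.maketrans({"0": "o", "1": "i", "!": "i", "3": "e",
                        "4": "a", "@": "a", "5": "s", "$": "s"})

def meets_complexity(pw):
    """Traditional rule: 8+ chars with upper, lower, digit and symbol."""
    classes = (r"[A-Z]", r"[a-z]", r"[0-9]", r"[^A-Za-z0-9]")
    return len(pw) >= 8 and all(re.search(c, pw) for c in classes)

def candidates(pw):
    """Forms of pw with swaps undone and padding digits/symbols dropped."""
    low = pw.lower()
    trimmed = re.sub(r"^[^a-z]+|[^a-z]+$", "", low)
    return {low.translate(UNSWAP), trimmed.translate(UNSWAP)}

def is_predictable(pw):
    """True if pw is a common word once the swaps are reversed."""
    return any(c in COMMON for c in candidates(pw))

def three_random_words(words=WORDLIST):
    """Pick three words with a CSPRNG so a person's habits play no part."""
    return "".join(secrets.choice(words) for _ in range(3))

def passphrase_bits(n_words, list_size):
    """Entropy of n independent uniform picks from list_size words."""
    return n_words * math.log2(list_size)

if __name__ == "__main__":
    for pw in ("P4ssw0rd!", "W3lcome1!", three_random_words()):
        print(pw, meets_complexity(pw), is_predictable(pw))
    print(round(passphrase_bits(3, 7776), 1), "bits for a 7776-word list")
```

The 16-word list here gives only 12 bits for three words, so the generator is only as strong as the size of the wordlist it is given.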
"Traditional password advice telling us to remember multiple complex passwords is simply daft," the NCSC's technical director, Dr Ian Levy, said on the centre's website. "There are several good reasons why we decided on the three random words approach - not least because they create passwords which are both strong and easier to remember. "By following this advice, people will be much less vulnerable to cybercriminals and I'd encourage people to think about the passwords they use on their important accounts, and consider a password manager." Topics * Data and computer security * The Observer * Cybercrime * Internet * GCHQ * news * * * * * * Reuse this content * US * World * Environment * Soccer * US Politics * Business * Tech * Science * Newsletters * Green light * News * Opinion * Sport * Culture * Lifestyle * About us * Contact us * Complaints & corrections * SecureDrop * Work for us * Privacy policy * Cookie policy * Terms & conditions * Help * All topics * All writers * Digital newspaper archive * Facebook * YouTube * Instagram * LinkedIn * Twitter * Newsletters * Advertise with us * Guardian Labs * Search jobs Back to top (c) 2021 Guardian News & Media Limited or its affiliated companies. All rights reserved. (modern)