We all know that passwords need to be hard to guess in order to protect your accounts from common and unsophisticated attacks, such as guessing or brute-force attacks, where an attacker uses a set of predefined passwords or a password “dictionary” to try millions of possible password and credential combinations.
To protect against these attack methods a password needs to be suitably long and complex, such as the example below:
Whilst a long and complex password makes it much more difficult for an attacker to crack, such passwords are also hard to remember, which invariably leads to people choosing weak passwords, recycling old, predictable passwords, or reusing the same password for every account or application they use.
The National Cyber Security Centre (NCSC) advocates using a string of three or four random words to make a suitably long password that would take an incredibly long time to crack with current technology. The strength comes from the length of the result and the number of possible word combinations, not from adding symbols or capital letters.
Choose words that are memorable, but avoid ones that are easy to guess, such as ‘onetwothree’, or that are closely tied to you personally, such as the names of family members, pets or football teams. A good rule is ‘make sure that somebody who knows you well couldn’t guess your password in 20 attempts’.
Example of a random word password:
If a website or application requires passwords to include numeric characters, use a number to separate the random words.
Well-chosen random words can be quite memorable without being easy to guess, which makes this a good compromise between protection and usability.
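The following is an added example, not code from the original page or from the NCSC, showing how the random-word scheme above is generated and why it resists brute force: it picks the words with a cryptographically secure random source, inserts a random digit between words where a site demands a number, estimates the size of the search space in bits (and the resulting average cracking time at an assumed guess rate), and applies the ‘someone who knows you’ check by rejecting passphrases built from personal words. The word list, the personal-word list and the guess rate are constructed assumptions for illustration; a real generator should draw from a large published list (for example a 7,776-word diceware list), and the comparison with a “complex” password assumes that password is itself truly random, which human-chosen complex passwords rarely are.

```python
import math
import re
import secrets

# Constructed sample word list (an assumption for this example). In practice use a
# large published list such as a 7,776-word diceware list: the strength of the
# scheme comes from the size of the list, not from which words happen to be on it.
WORDLIST = [
    "anchor", "basket", "candle", "dolphin", "engine", "fabric", "garden", "hammer",
    "island", "jacket", "kettle", "ladder", "magnet", "needle", "orbit", "pencil",
    "quartz", "ribbon", "saddle", "timber", "umbrella", "velvet", "walnut", "yonder",
]


def generate_passphrase(wordlist, n_words=3, digit_separator=False):
    """Pick n_words uniformly at random using the CSPRNG in `secrets` (never `random`).

    With digit_separator=True a random digit is placed between each pair of words,
    which satisfies 'must contain a number' rules without weakening the scheme.
    """
    words = [secrets.choice(wordlist) for _ in range(n_words)]
    if not digit_separator:
        return "".join(words)
    parts = [words[0]]
    for word in words[1:]:
        parts.append(str(secrets.randbelow(10)))
        parts.append(word)
    return "".join(parts)


def passphrase_bits(list_size, n_words, digit_separator=False):
    """Search-space size in bits, assuming each word is chosen uniformly from the list."""
    bits = n_words * math.log2(list_size)
    if digit_separator:
        bits += (n_words - 1) * math.log2(10)  # each separator digit adds ~3.32 bits
    return bits


def password_bits(length, alphabet_size):
    """Search-space size in bits of a truly random password of `length` characters
    drawn from an alphabet of `alphabet_size` symbols (e.g. 95 printable ASCII)."""
    return length * math.log2(alphabet_size)


def years_to_crack(bits, guesses_per_second):
    """Average time for an offline brute-force search, which on average succeeds after
    trying half the space. guesses_per_second is an assumed attacker rate; it depends
    heavily on the password hash in use and on the attacker's hardware."""
    seconds = (2 ** bits / 2) / guesses_per_second
    return seconds / (365.25 * 24 * 3600)


def is_guessable(passphrase, personal_words):
    """Apply the 'someone who knows you well' rule: reject a passphrase that contains
    any word from a list of things tied to the user (pets, family, teams, ...)."""
    lowered = passphrase.lower()
    return any(word.lower() in lowered for word in personal_words)


if __name__ == "__main__":
    # Constructed personal words for the guessability check (an assumption).
    personal = ["Fluffy", "Arsenal", "Smith"]
    rate = 1e9  # assumed: 10^9 guesses/second against a fast hash

    candidate = generate_passphrase(WORDLIST, 3, digit_separator=True)
    while is_guessable(candidate, personal):
        candidate = generate_passphrase(WORDLIST, 3, digit_separator=True)
    print("passphrase:", candidate)

    for label, bits in [
        ("8-char random complex password", password_bits(8, 95)),
        ("3 words from a 7,776-word list", passphrase_bits(7776, 3)),
        ("4 words from a 7,776-word list", passphrase_bits(7776, 4)),
        ("3 words + digit separators", passphrase_bits(7776, 3, True)),
    ]:
        print(f"{label}: {bits:.1f} bits, ~{years_to_crack(bits, rate):.3g} years at {rate:.0e}/s")
```

The two `*_bits` functions are what make the comparison in the text concrete: three words from a 7,776-word list (about 38.8 bits) are in the same range as an 8-character random password over printable ASCII (about 52.6 bits) only if that password really is random, and a fourth word (about 51.7 bits) closes the gap while staying far easier to remember. Whatever the numbers, the time estimate is only as good as the assumed guess rate, which is why slow password hashing on the server side matters as much as the user's choice.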