A new store system, a new password for the store owner. But which one to take? The fact that a date of birth or pet name is easy to guess, has got around. One solution: three randomly compiled everyday words -- such as "coffee train fish" -- beat in terms of security and user-friendliness the often cryptic passwords a la XJ123#324! from the random text generator.
The UK cyber security agency NCSC has recommended this approach for years and currently writes about this:
One of the most popular pages on the NCSC website, nearly 5 years after its first publication, is 'Three random words or #thinkrandom'. It explains how - by combining three random words - you can create a password that's 'random enough' to keep the bad guys out, but also 'easy enough' for you to remember.
In this blog, we're going to:
- explain why the NCSC continue to promote 'three random word' strategy (both at home and at work)
- respond to some concerns raised by NCSC customers who may be considering this strategy
https://www.ncsc.gov.uk/blog-post/the-logic-behind-three-random-words