Managing your passwords

Julia Rapp

Most of us know that using the same password for multiple accounts isn’t a good idea. Sites also remind us to create complex passwords with different criteria whenever it’s time to create a new account. For many of us, though, it’s difficult to think of new, complex, unique passwords for every single account we have, let alone remember them all.

There is some good news on that front. The CyberWire’s Daily Briefing recently highlighted an article from the UK’s National Cyber Security Centre (NCSC) promoting the strategy of using three random words to generate passwords instead of concocting a long word to meet ever-increasing complexity requirements.
The NCSC notes that, “enforcing complexity requirements is a poor defence against guessing attacks. Our minds struggle to remember random character strings, so we use predictable patterns (such as replacing the letter ‘o’ with a zero) to meet the required 'complexity' criteria.

Of course, attackers are familiar with these strategies and use this knowledge to optimise their attacks. Counter-intuitively, the enforcement of these complexity requirements results in the creation of more predictable passwords. Faced with making yet another password with specific requirements, users fall back on variations of something they already know and use, falsely believing it to be strong because it satisfies password strength meters (and is accepted by online services).”

A password built from three random words, by contrast, is less predictable, which makes it harder for criminals to guess. It is also longer, and a three-word phrase is easier to remember, making this a much more user-friendly approach.
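As an added illustration (not from the original post or the NCSC article), the Python sketch below picks three words with a cryptographically secure random source and compares the resulting guess space with a single dictionary word dressed up with predictable character swaps. The sample word list, the 1024-word vocabulary size, and the set of swappable letters are assumptions made for the example.

```python
import math
import secrets

# Constructed sample list, for demonstration only. A usable list would hold
# thousands of common words so that each pick adds real unpredictability.
SAMPLE_WORDS = [
    "coffee", "train", "fish", "walnut", "river", "candle", "marble", "saddle",
    "orbit", "plum", "ladder", "velvet", "harbor", "tulip", "anchor", "pepper",
]

# Assumed set of letters that people commonly swap for a digit or symbol
# (for example 'o' -> '0'), standing in for "predictable patterns".
SWAPPABLE = set("aeios")


def three_random_words(wordlist, n_words=3, sep="-"):
    """Join n_words picked independently and uniformly with the OS CSPRNG."""
    words = sorted({w.strip().lower() for w in wordlist if w.strip()})
    if len(words) < 2:
        raise ValueError("word list needs at least two distinct words")
    return sep.join(secrets.choice(words) for _ in range(n_words))


def passphrase_bits(wordlist_size, n_words=3):
    """Bits of guessing work when the attacker knows the list and the method."""
    return n_words * math.log2(wordlist_size)


def swapped_word_bits(dictionary_size, word):
    """Upper bound for one dictionary word with optional character swaps.

    Each swappable letter is either swapped or not, so it adds at most one bit.
    """
    swaps = sum(1 for ch in word.lower() if ch in SWAPPABLE)
    return math.log2(dictionary_size) + swaps


if __name__ == "__main__":
    print(three_random_words(SAMPLE_WORDS))
    # Same assumed 1024-word vocabulary for both strategies.
    print(f"three random words: {passphrase_bits(1024):.1f} bits")
    print(f"'password' + swaps: {swapped_word_bits(1024, 'password'):.1f} bits")
```

With the same assumed vocabulary, the three-word phrase costs about 30 bits of guessing work while the swapped single word stays near 14, which is the gap the NCSC quote describes.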

Password managers are also a useful tool: they generate and store passwords for you, which increases your security and makes it harder for criminals to steal your data.
Check out the full article here!