Choosing passwords made up of a complex combination of letters, numbers and symbols is not the best solution, according to the UK Cyber Security Agency.
The National Cyber Security Centre (NCSC), the UK government’s cybersecurity agency, has challenged the generally accepted idea that a complex password consisting of a series of letters, numbers and symbols is the best defence against hackers. In a blog post, NCSC specialists instead recommend choosing passwords consisting of three random words to protect online accounts.
Among the advantages the agency puts forward, such passwords tend to be longer, and therefore more secure, and are easier to remember than complex variations. Using three random words also creates more original passwords with unusual letter combinations that are more difficult for hackers’ software tools to guess. “Counterintuitively, enforcing these complexity requirements results in the creation of more predictable passwords,” writes the NCSC, quoted by “The Guardian”, about complex and hard-to-remember passwords. Cybercriminals are indeed familiar with the techniques used to make passwords supposedly more secure, such as replacing the letter O with a zero or the number 1 with an exclamation point.
The agency, which concedes that the technique is not 100% secure, recommends avoiding the letter sequences found in the list of weakest passwords (azerty, password, etc.) and using a password manager to diversify the combinations for each online account.
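The point about predictable substitutions, and the advice to avoid sequences from weak-password lists, can be enforced when a password is set. The following sketch is an added example, not NCSC code: the denylist entries other than azerty and password, the `@` and `$` mappings, the separator set and all function names are assumptions.

```python
import re

# Constructed denylist: "azerty" and "password" come from the article,
# the other entries are assumed additions for illustration.
WEAK_WORDS = {"azerty", "password", "qwerty", "letmein"}

# Undo the substitutions the article names (O -> 0, 1 -> !) plus two
# assumed common ones (a -> @, s -> $).
UNDO = str.maketrans({"0": "o", "!": "1", "@": "a", "$": "s"})

EDGE_JUNK = re.compile(r"^[^a-z]+|[^a-z]+$")   # leading/trailing non-letters
SEPARATORS = re.compile(r"[\s\-_.]+")          # assumed passphrase separators


def variants(word):
    """Return the base forms a word reduces to once decoration is removed.

    Both orders are tried because a symbol at the edge may be padding
    ("password!") or a substituted letter ("@zerty").
    """
    low = word.lower()
    strip_then_undo = EDGE_JUNK.sub("", low).translate(UNDO)
    undo_then_strip = EDGE_JUNK.sub("", low.translate(UNDO))
    return {strip_then_undo, undo_then_strip}


def weak_sequences(candidate):
    """List the denylisted sequences hidden in a password or passphrase."""
    found = set()
    for word in SEPARATORS.split(candidate):
        if word:
            found |= variants(word) & WEAK_WORDS
    return sorted(found)


if __name__ == "__main__":
    # Constructed sample inputs.
    for sample in ["P@ssw0rd!", "@zerty1", "copper-lantern-violin",
                   "azerty lantern violin"]:
        hits = weak_sequences(sample)
        print(f"{sample!r}: {'reject ' + str(hits) if hits else 'no denylist hit'}")
```

A clean result only means no denylisted sequence was found; the check cannot tell whether the words were chosen at random.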