“Skip the three words thing, go straight for the ‘use a password manager, dammit’ jugular”
This month I’m going to do something that I’m sure won’t shock regular readers: pick an argument with the powers that be. The government organisation in question is the National Cyber Security Centre (NCSC), which, by and large, does a splendid job in both public and private sectors in matters of security advice and support. By and large, but not on one occasion recently when it decided the time was right to remind us of some password construction advice it first offered five years ago. It was wrong then and remains so to this day.
Using the perfectly reasonable hashtag of #thinkrandom, that advice was to use three random words as your password. That’s three words, not four, so you can forget about the XKCD comic suggestion of “correct, horse, battery, staple” that has wedged itself into cybersecurity folklore. Not that you should if you want to maintain any semblance of a strong security posture.