
StrongAndMemorable: New Rules for Passwords

Posted 8th July 2019

As we’ve already mentioned, our next software release – due out this month – will bring you significantly stronger security. 

Especially when it comes to passwords.

Part of that is an enhanced ability to enforce specific corporate password policies – policies designed to stop users from choosing something that’s trivially guessable (“password” and “12345”, for example, are still, astonishingly, the two most popular password choices in the English-speaking world).

The new rules can include: minimum length; enforced use of capitals, numbers or other special characters; forbidden re-use of old passwords; and more. Passwords can also now be effectively unlimited in length.

Which is particularly relevant when it comes to the creation of passwords that are both strong and memorable – but perhaps a little longer than normal.

Because, while our new rules for password creation are extremely versatile and should satisfy the most demanding of corporate policies, the boffins at the National Cyber Security Centre advise an altogether simpler approach.

They call it “three random words”.

Three well-chosen random words can be very memorable (so no need to write them down). But they can also be very hard to guess. 

The three random words approach provides a good compromise between protection and usability.

Try it for yourself. You can, once our new software is released.
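The rules listed in this post (minimum length, required capitals or numbers, no re-use of old passwords, no maximum length) applied to a three-random-words passphrase, as an added Python example. It is not code from the software described here: the function names, default thresholds, PBKDF2 settings and the short word and deny lists are assumptions constructed for illustration.

```python
import hashlib
import hmac
import secrets

# Constructed sample data: a real deployment would load a large common-password
# list and a word list of several thousand entries instead of these short ones.
COMMON = {"password", "12345"}
WORDS = ["copper", "lantern", "orbit", "meadow", "violin", "glacier", "pepper", "harbour"]


def hash_password(password: str, salt: bytes) -> bytes:
    """Salted, slow hash so old passwords are never stored in the clear."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, 100_000)


def remember(password: str):
    """Create the (salt, hash) history entry for a password being retired."""
    salt = secrets.token_bytes(16)
    return salt, hash_password(password, salt)


def three_random_words() -> str:
    """Pick three words with a CSPRNG and capitalise each one."""
    return "".join(secrets.choice(WORDS).capitalize() for _ in range(3))


def check_policy(password, history, min_length=12, require_upper=True, require_digit=False):
    """Return a list of policy violations; an empty list means accepted.

    history is a list of (salt, hash) pairs for the user's previous passwords.
    There is deliberately no maximum length.
    """
    problems = []
    if len(password) < min_length:
        problems.append("too short")
    if password.lower() in COMMON:
        problems.append("common password")
    if require_upper and not any(c.isupper() for c in password):
        problems.append("needs a capital letter")
    if require_digit and not any(c.isdigit() for c in password):
        problems.append("needs a number")
    # Re-hash the candidate under each stored salt; compare in constant time.
    if any(hmac.compare_digest(hash_password(password, s), h) for s, h in history):
        problems.append("re-use of an old password")
    return problems
```

With `require_digit=True`, a plain three-word passphrase is rejected until a number is added, which is the point where a composition rule and the three-random-words advice pull in different directions.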