How Secure Is A Three Word Password?

From ‘1234’ to ‘qwerty’, thousands of businesses and individuals are still using predictable and straightforward passwords as the gateway to their online data.

With stolen and/or weak passwords contributing to 81% of successful hacking breaches, according to one study, it’s vital that both companies and ordinary internet users strengthen their passwords and avoid common words and phrases.

Memorability is a common concern amongst users. With so many different accounts to secure, many people would rather use the same easy-to-remember password for each website than a variety of complicated ones.

In a bid to find a middle ground between long/strong and easy-to-remember, some experts within the cyber security industry are advising people to combine three random words and use them as each password.


What does the advice say?

In an article on the National Cyber Security Centre’s blog, ‘Ian M’ suggests combining three random words to create a strong and memorable login.

He recommends that you avoid using words that form a sequence such as “onetwothree” and “mayjunejuly”. His article also warns against using words that have an obvious relevance to you such as your children’s names or favourite footballers.

It’s also wise to use different passwords for your most important accounts such as your email, online banking accounts and social media. After all, if you use the same universal password across multiple accounts, hacking into one platform could enable someone to access all your data.


So how robust is this approach?

Using three random words is certainly a much better way of securing your data than using one word or common sequence that is easy for both humans and computers to guess. However, random passwords that include a mixture of letters, numbers and special characters are still likely to be the best way of protecting your data.

Take a look at our guide to creating strong yet memorable passwords to learn more.