Password Generator

About

Why three random words?
The traditional password advice built around 'password complexity' failed because it told us to do things that most of us simply can't do (i.e. memorise lots of long, complex passwords).

Passwords generated from three random words help users to create unique passwords that are strong enough for many purposes, and can be remembered much more easily. This is also good for those who aren't aware of password managers, or are reluctant to use them. However, there are several other reasons why the NCSC chose the three random words strategy.

Length
Passwords made from multiple words will generally be longer than passwords made from a single word. Length is a common (and recommended) requirement for passwords, and promoting the use of a 'passphrase' created by combining words provides a way to achieve this without relying on predictable patterns (such as the addition of ! at the end of a password).

Impact
To have a meaningful impact, the NCSC needed to be able to promote a technique across different media, in a way that could be quickly understood in most contexts. 'Three random words' contains all the essential information in the title, and can be quickly explained, even to those who don't consider themselves computer experts.

Novelty
The stereotypical password is a single dictionary word or name, with predictable character replacements. By recommending multiple words we immediately challenge that perception, and encourage a range of passwords that have not previously been considered.

Usability
The main issue with enforcing complexity requirements is that it's difficult for users to generate, remember, and enter complex passwords correctly without substantial effort, which further encourages the re-use of passwords. Three random words' power is in its usability, because security that's not usable doesn't work.