ZDNet – Security agencies say that three random words can be a better approach than enforcing complexity to achieve account protection. Bad passwords are easy to remember, but also easy to guess and that can give an attacker access to your online accounts. That’s why the UK’s National Cyber Security Centre (NCSC) has explained why it is still recommending users pick three random words for a password rather than meeting complex requirements, such as an alphanumeric string, that could permit the creation of bad passwords like “pa55word”…The other key reason is that three random words help increase password diversity, which makes it harder for attackers to use search algorithms to discover passwords cheaply and then compromise accounts. ..”