Why three random words?
Passwords generated from three random words help users to create unique passwords that are strong enough for many purposes and can be remembered much more easily. This is also good for those who aren’t aware of password managers or are reluctant to use them. However, there are several other reasons why to chose the three random words strategy.
Passwords made from multiple words will generally be longer than passwords made from a single word. Length is a common (and recommended) requirement for passwords, and promoting the use of a ‘passphrase’ created by combining words provides a way to achieve this without relying on predictable patterns (such as the addition of ! at the end of a password).
‘Three random words’ contains all the essential information in the title, and can be quickly explained, even to those who don’t consider themselves computer experts.
The stereotypical password is a single dictionary word or name, with predictable character replacements. By recommending multiple words we immediately challenge that perception and encourage a range of passwords that have not previously been considered.
The main issue with enforcing complexity requirements is that it’s difficult for users to generate, remember, and enter complex passwords correctly without substantial effort, which further encourages the re-use of passwords. Three random words’ power is in its usability because security that’s usable doesn’t work.