In 2016, the NCSC published guidance recommending "three random words" as the basis for a memorable yet secure password. The recommendation was initially met with scepticism from security practitioners accustomed to complex character requirements. A decade later, it has been validated by research, adopted by NIST SP 800-63B, and forms the basis of the NCSC's current Cyber Aware consumer guidance. Understanding the reasoning behind it explains why it works — and how to apply it correctly.
The Entropy Argument
Password strength is measured in bits of entropy: the base-2 logarithm of the number of possible passwords, assuming each is equally likely to have been chosen. An attacker trying to brute-force a password must search through all of those possibilities, and each additional bit doubles the number to search.
| Approach | Example | Entropy (uniformly random choice) | Search space (possible passwords) |
|---|---|---|---|
| 8 chars, upper+lower+digit+symbol | P@ssw0rd | ~52 bits | 4.5 × 10¹⁵ |
| 3 random words (7,776-word list) | correct horse battery | ~38.7 bits | 4.7 × 10¹¹ |
| 4 random words | correct horse battery staple | ~51.6 bits | 3.6 × 10¹⁵ |
| 5 random words | correct horse battery staple fence | ~64.5 bits | 2.8 × 10¹⁹ |
| 6 random words | correct horse battery staple fence oak | ~77.4 bits | 2.2 × 10²³ |
Why Complexity Requirements Failed
The original password complexity requirement — uppercase, lowercase, digit, symbol — was derived from NIST SP 800-63 published in 2004. The requirement was based on theoretical entropy calculations that assumed users would select characters randomly. They do not. Research consistently showed that users faced with complexity requirements produced predictable patterns: capitalise the first letter, add a number at the end, substitute a vowel with a symbol. "Password1!" satisfies most complexity requirements while providing minimal actual entropy.
The NCSC's 2016 analysis of breach data confirmed this: length provided far more effective security than complexity. A 15-character passphrase of three common English words — selected randomly — is harder to crack than an 8-character "complex" password selected by a human following rules. NIST SP 800-63B (2017, updated 2025) followed by removing mandatory complexity requirements and focusing on length, breach checking, and MFA instead.
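The figures in the table above, and the contrast with the "Password1!" pattern described in this section, can be reproduced with a few lines of code. This is an added example, not code from the original article or from the Passphrase Maker: it assumes a 94-character printable ASCII pool for the 8-character row, a 7,776-word list for the word rows, and a simplified model of the human pattern (one dictionary word, capitalised, plus one digit and one symbol) whose parameters are assumptions for illustration.

```javascript
// Added example (not from the original article): reproduce the table's figures and
// contrast a uniformly random password with the human-chosen pattern the text describes.

// Bits of entropy for `length` symbols, each drawn uniformly from `poolSize` options.
function entropyBits(poolSize, length) {
  return length * Math.log2(poolSize);
}

// Number of possible passwords (the "search space" column): poolSize ** length.
function searchSpace(poolSize, length) {
  return poolSize ** length;
}

// Smallest word count from a `listSize`-word list that reaches `targetBits` of entropy.
function wordsNeeded(targetBits, listSize) {
  return Math.ceil(targetBits / Math.log2(listSize));
}

// Rows of the article's table: 94 printable ASCII characters for the 8-character row
// (assumption), a 7,776-word (diceware-sized) list for the word rows.
const PRINTABLE_ASCII = 94;
const WORD_LIST_SIZE = 7776;

function tableRows() {
  const rows = [{
    label: '8 chars, 94-symbol pool',
    bits: entropyBits(PRINTABLE_ASCII, 8),
    space: searchSpace(PRINTABLE_ASCII, 8),
  }];
  for (const n of [3, 4, 5, 6]) {
    rows.push({
      label: `${n} random words`,
      bits: entropyBits(WORD_LIST_SIZE, n),
      space: searchSpace(WORD_LIST_SIZE, n),
    });
  }
  return rows;
}

// Simplified model (an assumption for illustration, not a figure from the article) of the
// predictable pattern the text describes: one dictionary word, capitalised, followed by one
// digit and one symbol, e.g. "Password1!". Capitalising the first letter is deterministic,
// so it adds nothing; the attacker only has to guess the word, the digit and the symbol.
function patternEntropyBits(listSize = WORD_LIST_SIZE, digits = 10, symbols = 32) {
  return Math.log2(listSize) + Math.log2(digits) + Math.log2(symbols);
}

// Stand-alone demo.
for (const row of tableRows()) {
  console.log(`${row.label.padEnd(24)} ${row.bits.toFixed(1)} bits  ${row.space.toExponential(1)}`);
}
console.log(`"Password1!"-style pattern: ~${patternEntropyBits().toFixed(1)} bits ` +
  `(nominal 8-char figure: ${entropyBits(PRINTABLE_ASCII, 8).toFixed(1)})`);
console.log(`Words needed to reach 52 bits: ${wordsNeeded(52, WORD_LIST_SIZE)}`);
```

Two details worth noticing when you run it: the word rows come out about a tenth of a bit above the table's rounded figures (three words is 38.8 bits, six is 77.5), and the 8-character row computes 94^8 ≈ 6.1 × 10¹⁵, whereas the table's 4.5 × 10¹⁵ is 2^52 after rounding the bit count. The pattern model lands near 21 bits, far below the nominal 52, which is the whole point of the section: the nominal figure only holds for characters chosen uniformly at random. wordsNeeded(52, 7776) returns 5, confirming the table's observation that four words falls just short of the nominal 8-character figure.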
The Correct Application
Three random words works when applied correctly, and fails when it is not. The NCSC guidance is explicit: the words must be randomly selected. Choosing words associated with you, your interests, or your environment gives an attacker who profiles you a head start. A passphrase generator that draws its words using crypto.getRandomValues(), as the Passphrase Maker does, selects from a cryptographically secure random source, so the result does not depend on the user's conscious or unconscious preferences.
Four Words for Stronger Accounts
For password manager master passwords, encryption keys, and other high-value credentials, the NCSC and NIST both recommend longer credentials. Four or five words provide substantially higher entropy; the Passphrase Maker defaults to four words and recommends five for master passwords and six for encryption passphrases. See our guide on choosing a master password for specific recommendations by account type.