As World Password Day 2025 approaches, security experts are urging individuals and businesses to adopt more secure password practices. However, traditional methods of creating strong passwords have been proven inadequate in the face of new research.
The idea of combining three random words to create a password may seem promising, but law enforcement agencies can now crack these types of passwords using a 30% common-word dictionary subset, according to researchers at the University of Plymouth.
In an effort to enhance the effectiveness of law enforcement password cracking, the researchers discovered that using “an optimized rule set” reduced computational iterations by approximately 40%, significantly improving the speed at which passwords can be recovered. This means that even three-word passwords may not provide sufficient security against cybercriminals.
So, what’s the most secure method for creating a password? Experts recommend using passphrases instead of random words. A passphrase is a memorable but long phrase that’s not easily guessable. Most password managers can create these passphrases for you, but if you’re using a password manager, consider skipping the passphrase and going straight to a randomly generated, complex password.
Another option is to use a passkey, which uses biometric authentication to log in to a merchant profile. Passkeys are strong by default, phishing-resistant, and effortless to use. They can also be used with existing passwords, making them an attractive alternative for those looking to upgrade their security posture.
Regardless of the method you choose, it’s essential to prioritize password security, especially as new threats emerge. By adopting more secure practices, individuals and businesses can better protect themselves against cybercrime and data breaches.
Source: https://www.forbes.com/sites/daveywinder/2025/04/27/now-law-enforcement-can-hack-77-of-three-random-word-passwords