SCARS Institute’s Encyclopedia of Scams™ Published Continuously for 25 Years
SCARS™ Cyber Basics: Three Random Words
Three Random Words Or What Makes A Good Password?
You’re probably aware that there’s a lot of guidance out there on what makes a good password — and it can be incredibly confusing. This should help.
We advise that you create passwords using three random words both because they are easier to remember and are hard to guess.
You just put them together, like ‘coffeetrainfish’ or ‘walltinshirt’.
You can choose words that are memorable but should avoid those which might be easy to guess, such as ‘onetwothree’ or are closely related to you personally, such as the names of family members or pets.
Ultimately, the choices you make regarding passwords are up to you. This article is intended to help inform you as you make password decisions and explain a little bit of the cybersecurity rationale behind our three random words guidance.
ATTACKING YOUR ACCOUNT
Here are some common ways that cybercriminals might try to compromise your user accounts. Many of these relate to the passwords you use, so let’s take a look at a few of them:
It’s Obvious
You should try to ensure that your password isn’t easy to guess. We all know that passwords protect things that are valuable to us but that doesn’t stop the most common passwords consistently including ‘password’, ‘123456’, ‘qwerty’, ‘football’ and so on. Take a look at one of the many ‘top 100’ password lists to see what form the most common ones take.
Somebody Else’s Bad
There are frequently stories in the media about cybercriminals breaking large numbers of passwords from sites that have failed to protect them properly. If you are reusing the same password across multiple sites and cyber-criminals crack one site, they might try the recovered passwords on the other sites you use.
Keylogging
There is a type of malicious software that, once on your system, attempts to log the keystrokes you make — including passwords. Of course, this will compromise any password entered, no matter how complex. The best defense here is keeping your software current and up to date.
Smash The Hash
When you choose a password, if the site is reasonably diligent it won’t store that password in a form that can be read directly. It will have been processed by a clever math function called ‘hashing’.
This function turns the readable password into what appears to be gobbledegook. This is the “password hash” and it is this that the website stores. The clever thing about hashing is that it’s very hard to turn the hash back into the password. As a user, when you return to a website and enter your password, the hash is calculated and compared to the one already stored. If they match, you’re in.
If a cybercriminal somehow gets hold of the list of password hashes there are some attacks they can use to try to recover passwords. Firstly they might try a ‘dictionary attack’ — putting lists of known words (including common substitutions such as ‘1’ instead of ‘i’) through the same function and see if they result in the same hash. If they do, they have your password.
This might sound like a lot of work but with modern computing it really only takes seconds. If this doesn’t work the cybercriminal could try to ‘brute force’ the hash. This means trying every possible combination of characters until the password is found. Long random passwords and the inclusion of special characters make this harder for a computer to work out. Fortunately, most websites have protections against brute force attacks (this one does).
THREE RANDOM WORDS
If stopping a cybercriminal breaking your password relies on long and complex passwords, where does the three random words concept come from?
Well, super-long and complex passwords aren’t necessarily the best option for a number of reasons:
It’s Not All Math
Math is great, but not at the expense of the users.
It is really, really hard for a user to remember lots of complex, unique passwords. What happens is that we come up with coping mechanisms which are well known to cybercriminals, and which they can and do exploit in order to attack our accounts.
So, ironically, using long and complex passwords sometimes just plays right into attackers’ hands.
For example using ‘Pa55word!’ may follow the rules of a website, but is a bad password as it’s quite guessable.
Typically if a cybercriminal has the hashes to attack they will break them whatever rules are put in place.
Salt With That?
Actually, when a website processes your password it stirs in some other information as well, like your username. This is called salting. Combined with three random words, this provides a reasonable amount of protection from attack.
How Did They Get The Hash?
We glossed over the cybercriminals getting hold of the files containing all of the password hashes. If a website is well designed this should be really hard for a cybercriminal to do.
This is also why we recommend separate passwords for sites that are important to you (like your email) to things like web forums, that aren’t. If one website doesn’t look after the password hashes properly, that shouldn’t allow easy access to the things that are important to you.
Hard To Guess
Three well-chosen random words can be quite memorable but not easy to guess. It provides a good compromise between protection and usability.
Ultimately, It’s Your Choice Of Course, But Hopefully, This Has Helped To Make Your Password Choices A Little Bit More Informed!
Courtesy of the U.K. National Cyber Security Centre, United Kingdom
PLEASE SHARE OUR ARTICLES WITH YOUR CONTACTS
HELP OTHERS STAY SAFE ONLINE
SCARS™ Team
A SCARS Division
Miami Florida U.S.A.
TAGS: SCARS, Important Article, Information About Scams, Anti-Scam, SCARS™ Cyber Basics, Three Random Words, Better Passwords, more Secure Passwords, Thinkrandom
The Latest SCARS|RSN Posts
FIND MORE SCAM NEWS
«SCAMCRIME.COM»
CHAT WITH SCARS™
«CLICK HERE»
END
MORE INFORMATION
– – –
Tell us about your experiences with Romance Scammers in our
« Scams Discussion Forum on Facebook »
– – –
FAQ: How Do You Properly Report Scammers?
It is essential that law enforcement knows about scams & scammers, even though there is nothing (in most cases) that they can do.
Always report scams involving money lost or where you received money to:
- Local Police – ask them to take an “informational” police report – say you need it for your insurance
- U.S. State Police (if you live in the U.S.) – they will take the matter more seriously and provide you with more help than local police
- Your National Police or FBI « www.IC3.gov »
- The SCARS|CDN™ Cybercriminal Data Network – Worldwide Reporting Network « HERE » or on « www.Anyscam.com »
This helps your government understand the problem, and allows law enforcement to add scammers on watch lists worldwide.
– – –
Visit our NEW Main SCARS Facebook page for much more information about scams and online crime: « www.facebook.com/SCARS.News.And.Information »
To learn more about SCARS visit « www.AgainstScams.org »
Please be sure to report all scammers
« HERE » or on « www.Anyscam.com »
Legal Notices:
All original content is Copyright © 1991 – 2020 SCARS All Rights Reserved Worldwide & Webwide. Third-party copyrights acknowledge.
SCARS, RSN, Romance Scams Now, SCARS|WORLDWIDE, SCARS|GLOBAL, SCARS, Society of Citizens Against Relationship Scams, Society of Citizens Against Romance Scams, SCARS|ANYSCAM, Project Anyscam, Anyscam, SCARS|GOFCH, GOFCH, SCARS|CHINA, SCARS|CDN, SCARS|UK, SCARS Cybercriminal Data Network, Cobalt Alert, Scam Victims Support Group, are all trademarks of Society of Citizens Against Relationship Scams Incorporated.
Contact the law firm for the Society of Citizens Against Relationship Scams Incorporated by email at legal@AgainstScams.org
-/ 30 /-
What do you think about this?
Please share your thoughts in a comment below!
Article Rating
Table of Contents
- Three Random Words Or What Makes A Good Password?
- ATTACKING YOUR ACCOUNT
- THREE RANDOM WORDS
- Ultimately, It’s Your Choice Of Course, But Hopefully, This Has Helped To Make Your Password Choices A Little Bit More Informed!
- The Latest SCARS|RSN Posts
- Elicitation – A Scammer’s Manipulation Technique – 2025
- SCARS Institute’s New Survivor Community – www.SCARScommunity.org – 2025
- WARNING: AI-Enabled Browsers Pose a Cybersecurity Risk – 2025
- New United Nations UNODC Report on Corruption and Cybercrime – 2025
- SCARS Institute – 12 Years of Service to Scam Victims/Survivors – 2025/2026
- Protecting the People: The Role that Governments are or are not taking in Combating Cybercrime – 2025
Rapid Report Scammers
In the U.S. & Canada
U.S. & Canada Suicide Lifeline 988
RATE THIS ARTICLE?
LEAVE A COMMENT?
Recent Comments
On Other Articles
- Taci Fernuik on How You Think & Talk About Your Scam Affects Your Recovery: “I have hung on to the scams for far too long. With the intervention of an all-merciful God, I have…” Nov 6, 22:13
- on Disengaging From A Fake Scam Relationship: “Taci, you may want to join our new support community at www.SCARScommunity.org” Nov 6, 03:01
- on Disengaging From A Fake Scam Relationship: “This particular article helped me discover the many things I did wrong the first time I was scammed. I should…” Nov 5, 22:49
- on About the SCARS RomanceScamsNOW.com Website – 24 Years Published: “It was unavailable for a few days, but it is available again. If he would be interested, he is welcome…” Nov 5, 00:59
- on About the SCARS RomanceScamsNOW.com Website – 24 Years Published: “My husband has been scammed and your classes have been helping him but now he can’t seem to access them.…” Oct 26, 14:57
- on Talia Shepard – Impersonation Victim – Stolen Photos – 2024: “Hi, I’m Patrick from Belgium and I found this site by chance, so I just got to know it, and…” Oct 17, 23:46
- on Talia Shepard – Impersonation Victim – Stolen Photos – 2024: “Hallo ik ben Patrick uit Belgie en het is in verband over PayPal. Ik heb het dit jaar spijtig genoeg…” Oct 17, 23:08
- on Debt Relief Scams – Catalog of Scams – 2024 UPDATED 2025: “Before you make any decision, stop, think, and ask someone you trust for advice. No matter how difficult your situation…” Oct 9, 07:06
- on Shemar Moore – Stolen Photos – Impersonation Victim – 2024: “KM, sadly, this was available 5 years ago. The is a 25 year old website. Of course, new content is…” Oct 6, 13:27
- on Shemar Moore – Stolen Photos – Impersonation Victim – 2024: “Me too, since 2020. I’ve dealt with a lot of them till now. They’ve completely manipulated me and put me…” Oct 6, 00:48
ARTICLE META
Important Information for New Scam Victims
- Please visit www.ScamVictimsSupport.org – a SCARS Website for New Scam Victims & Sextortion Victims
- Enroll in FREE SCARS Scam Survivor’s School now at www.SCARSeducation.org
- Please visit www.ScamPsychology.org – to more fully understand the psychological concepts involved in scams and scam victim recovery
If you are looking for local trauma counselors please visit counseling.AgainstScams.org or join SCARS for our counseling/therapy benefit: membership.AgainstScams.org
If you need to speak with someone now, you can dial 988 or find phone numbers for crisis hotlines all around the world here: www.opencounseling.com/suicide-hotlines
A Note About Labeling!
We often use the term ‘scam victim’ in our articles, but this is a convenience to help those searching for information in search engines like Google. It is just a convenience and has no deeper meaning. If you have come through such an experience, YOU are a Survivor! It was not your fault. You are not alone! Axios!
A Question of Trust
At the SCARS Institute, we invite you to do your own research on the topics we speak about and publish, Our team investigates the subject being discussed, especially when it comes to understanding the scam victims-survivors experience. You can do Google searches but in many cases, you will have to wade through scientific papers and studies. However, remember that biases and perspectives matter and influence the outcome. Regardless, we encourage you to explore these topics as thoroughly as you can for your own awareness.
Statement About Victim Blaming
Some of our articles discuss various aspects of victims. This is both about better understanding victims (the science of victimology) and their behaviors and psychology. This helps us to educate victims/survivors about why these crimes happened and to not blame themselves, better develop recovery programs, and to help victims avoid scams in the future. At times this may sound like blaming the victim, but it does not blame scam victims, we are simply explaining the hows and whys of the experience victims have.
These articles, about the Psychology of Scams or Victim Psychology – meaning that all humans have psychological or cognitive characteristics in common that can either be exploited or work against us – help us all to understand the unique challenges victims face before, during, and after scams, fraud, or cybercrimes. These sometimes talk about some of the vulnerabilities the scammers exploit. Victims rarely have control of them or are even aware of them, until something like a scam happens and then they can learn how their mind works and how to overcome these mechanisms.
Articles like these help victims and others understand these processes and how to help prevent them from being exploited again or to help them recover more easily by understanding their post-scam behaviors. Learn more about the Psychology of Scams at www.ScamPsychology.org
Psychology Disclaimer:
All articles about psychology and the human brain on this website are for information & education only
The information provided in this article is intended for educational and self-help purposes only and should not be construed as a substitute for professional therapy or counseling.
While any self-help techniques outlined herein may be beneficial for scam victims seeking to recover from their experience and move towards recovery, it is important to consult with a qualified mental health professional before initiating any course of action. Each individual’s experience and needs are unique, and what works for one person may not be suitable for another.
Additionally, any approach may not be appropriate for individuals with certain pre-existing mental health conditions or trauma histories. It is advisable to seek guidance from a licensed therapist or counselor who can provide personalized support, guidance, and treatment tailored to your specific needs.
If you are experiencing significant distress or emotional difficulties related to a scam or other traumatic event, please consult your doctor or mental health provider for appropriate care and support.
Also read our SCARS Institute Statement about Professional Care for Scam Victims – click here to go to our ScamsNOW.com website.
Thank you for your comment. You may receive an email to follow up. We never share your data with marketers.