But if you start using random usernames (and email masks) in addition to random passwords, a hacker’s job becomes more difficult.

Using random words is more effective than using complex combinations for passwords, says the National Cyber Security Council (NCSC) ...

Using three random words to coin a password is more effective than traditional advice to create complex passwords, which can be difficult to remember and yet guessable for criminals.

Every password manager worth its salt includes a password generator component, so you don't have to create those random passwords yourself. However, not all password generators are the same.

The UK's National Cyber Security Centre (NCSC) is advising the public to use three random yet memorable words to create passwords, instead of using passwords containing a series of random characters.