We've all been there -- being annoyed at having to come up with a nearly incomprehensible, difficult-to-remember stream of numbers and letters to create a foolproof password. Now, computer science experts are emphasizing that there is a far more effective way to create stronger passwords: make them longer.
The new password security trend focuses on "passphrases," which are longer passwords that run anywhere from 16 to 64 characters. They don't have to be changed as often and should be much easier to remember.
A series of studies out of Carnegie Mellon University stresses that these longer passwords are effective because their length stumps hacking programs.
Michelle Mazurek, now at the University of Maryland College Park, was one of the Carnegie Mellon researchers who looked into the password trend. Mazurek told the Washington Post that Internet users can expect passphrases to continue to become the norm.
"For equivalent amounts of security, longer tends to be more useful for people," Mazurek stressed.
Beyond the Carnegie Mellon research, the trend has been backed by the National Institute of Standards and Technology, which issued recommendations that not only encouraged users to adopt longer passwords but also put a stop to the sometimes annoying practice of forcing a password reset on a fixed schedule, every 60 days for example.
While this research emphasizes the longer password, there have been other trends that seem to suggest that we are moving into a post-password age. A recent study from internet security firm TeleSign reported that 69 percent of security professionals believe that the traditional password-username combination no longer offers sufficient security in a hacker-heavy era. The same survey found that 72 percent of these professionals predicted that their companies and firms would do away with passwords completely by 2025.
These security professionals see two-factor authentication as well as behavioral biometrics, or patterns derived from people's specific behaviors like typing, as the wave of the future.
People will always differ on what is the most effective way to secure online accounts. Rich Shay, now at MIT, was also involved with the Carnegie Mellon research and told the Post that the studies were inspired by observing how students secured their accounts on campus.
Shay said that the Carnegie Mellon passwords had the at-times convoluted requirements of needing an uppercase letter, a lowercase letter, a number, and a "special character."
Passphrases seem to suggest a better alternative, but Shay conceded that since security professionals generally agree that a special character, for instance, does help guard against hacks, there really is no one-size-fits-all password safeguard.
"There is no perfect password," he said.