According to a series of studies from Carnegie Mellon University, longer passwords are effective because their length stumps hacking programs. People tend to dislike complex computer passwords that are difficult to remember, the studies said, as they are often a nonsensical jumble of letters, numbers and symbols said to be essential for digital security.
Longer passwords, known as passphrases, usually 16 to 64 characters long, is increasingly seen as an escape route from complex codes, reported the Washington Post. To a computer, poetry or simple sentences can be just as hard to crack. People are less likely to forget them, researchers said.
"For equivalent amounts of security, longer tends to be more useful for people," said Michelle Mazurek, one of the Carnegie Mellon researchers, now at the University of Maryland College Park. Mazurek told the Washington Post that Internet users can expect passphrases to continue to become the norm. Beyond the Carnegie Mellon research, the trend has been backed up by the National Institute for Standards and Technology, which issued recommendations that not only encouraged users to adopt longer passwords, but also put a stop to the sometimes annoying practice of forcing a password re-set every 60 days, for example.
While this research emphasizes the longer password, there have been other trends that seem to suggest that we are moving into a post-password age, the Post said. A recent study from internet security firm TeleSign reported that 69 percent of security professionals believe that the traditional password-username combination no longer offers sufficient security in a hacker-heavy era. The same survey found that 72 percent of these professionals predicted that their companies and firms would do away with passwords completely by 2025.
These security professionals see two-factor authentication as well as behavioral biometrics or patterns derived from people's specific behaviors like typing, as the wave of the future. People will always differ on what is the most effective way to secure online accounts.
Rich Shay, now at MIT, was also involved with the Carnegie Mellon research, told the Post that the studies were inspired by observing how students secured their accounts on campus. Shay said that the Carnegie Mellon passwords had the at-times convoluted requirements of needing an uppercase letter, a lowercase letter, a number, and a "special character."
Passphrases seem to suggest a better alternative, but Shay conceded that since security professionals generally agree that a special character, for instance, does help guard against hacks, there really is no one-size-fits-all password safeguard. "There is no perfect password," he said.