New Trend for Stronger, Simpler Passwords
Long passphrases are emerging as a better alternative for digital security than complex codes made of letters, numbers and special keystrokes that are hard to remember.
According to a series of studies from Carnegie Mellon University, longer passwords are effective because their length stumps hacking programs.
People tend to dislike complex computer passwords that are difficult to remember, the studies said, as they are often a nonsensical jumble of letters, numbers and symbols said to be essential for digital security.
Longer passwords, known as passphrases and usually 16 to 64 characters long, are increasingly seen as an escape route from complex codes, the Washington Post reported.
To a computer, poetry or simple sentences can be just as hard to crack. People are less likely to forget them, researchers said.
"For equivalent amounts of security, longer tends to be more useful for people," said Michelle Mazurek, one of the Carnegie Mellon researchers, now at the University of Maryland College Park.
Shay said that the Carnegie Mellon passwords had the at-times convoluted requirements of needing an uppercase letter, a lowercase letter, a number, and a "special character."
Passphrases seem to suggest a better alternative, but Shay conceded that since security professionals generally agree that a special character, for instance, does help guard against hacks, there really is no one-size-fits-all password safeguard. "There is no perfect password," he said.
Beyond the Carnegie Mellon research, the trend has been backed up by the National Institute of Standards and Technology, which issued recommendations that not only encouraged users to adopt longer passwords but also put a stop to the sometimes annoying practice of forcing a password reset every 60 days, for example.