A growing body of research shows simpler but longer passwords known as "passphrases" are as effective as more complicated but shorter passwords.
Complicated passwords might soon give way to simplicity.
A growing body of research, including recent studies out of Carnegie Mellon University, shows simpler but longer passwords known as “passphrases” are as effective as more complicated but shorter passwords, according to a recent report in the Washington Post.
The length — usually 16 to 64 characters — and randomness of passphrases throw off hacking programs. One example: mycatlikesreadinggarfieldinthewashingtonpost instead of [email protected]!
The advantages of passphrases include that they:
- Don’t need to be changed as often.
- Are easier to remember because they do not require combinations of uppercase and lowercase letters, numbers and special characters.
Michelle Mazurek, a former Carnegie Mellon researcher who is now an assistant professor at the University of Maryland, tells the Washington Post passphrases are becoming more common:
“For equivalent amounts of security, longer tends to be more useful for people.”
This new standard for passwords is catching on with businesses and government agencies like the National Institute of Standards and Technology, which is in the process of formally updating its password guidelines contained in NIST special publication 800-63.
The North Atlantic Treaty Organization has also partnered with Carnegie Mellon University’s CyLab to improve its password security.
NATO program manager John Boyd noted a commonly cited problem with shorter passwords that require more frequent changes:
“We’re giving people mixed messages. We’re telling them to create great, strong passwords, but don’t fall in love with them because you’re going to have to change them again in a few months. People end up making bad passwords because they have no incentive to make good ones.”
Before you adopt passphrases, however, the Washington Post notes:
- Experts warn against using popular song lyrics or poetry lines in passphrases, as hackers can download libraries of common phrases.
- Many experts also advocate two-factor verification.
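One way a sign-up form could enforce the two points above (the 16 to 64 character length and the warning about well-known phrases), shown as an added example that does not come from the Washington Post report or the researchers it quotes. The phrase list, function names and matching rule are assumptions made for illustration.

```python
import re
import unicodedata

MIN_LEN, MAX_LEN = 16, 64  # length range quoted in the article

# Constructed sample entries (assumption): a real deployment would load a
# large corpus of lyrics, quotations and previously breached passphrases.
COMMON_PHRASES = [
    "to be or not to be that is the question",
    "twinkle twinkle little star",
    "the quick brown fox jumps over the lazy dog",
]


def _normalise(text):
    """Fold case, accents, spacing and punctuation so that
    'Twinkle, Twinkle LITTLE star!' matches its plain form."""
    text = unicodedata.normalize("NFKD", text).casefold()
    return re.sub(r"[^a-z0-9]", "", text)


_BLOCKED = {_normalise(p) for p in COMMON_PHRASES}


def check_passphrase(candidate):
    """Return (accepted, reason).

    No composition rules (uppercase, digits, symbols) are applied:
    only the length range and the known-phrase check.
    """
    if len(candidate) < MIN_LEN:
        return False, "too short"
    if len(candidate) > MAX_LEN:
        return False, "too long"
    folded = _normalise(candidate)
    for phrase in _BLOCKED:
        # Reject a known phrase with padding around it, and also a
        # long fragment lifted out of a known phrase.
        if phrase in folded or (len(folded) >= MIN_LEN and folded in phrase):
            return False, "known phrase"
    return True, "ok"
```

Normalising before the comparison is what stops a change of capitalisation or punctuation from slipping a famous line past the list.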
To learn more about two-factor verification, check out “A Free and Easy Way to Shop the Web More Securely.”