Mazurek Quoted in Washington Post Article About Password Security

Michelle Mazurek, an assistant professor of computer science with joint appointments in the Maryland Cybersecurity Center and the Human-Computer Interaction Lab, was recently quoted in a Washington Post story about how to make passwords easier to remember, while still maintaining their effectiveness.

A new standard is emerging for password creation, which champions less complexity in favor of length. A growing number of businesses and government agencies are now requiring longer passwords, usually 16-64 characters long and known as passphrases, that do not need to be changed quite as often and can be easier to remember because they do not need include special characters. For example, a simple everyday phrase.

A series of studies from Carnegie Mellon University confirmed that passphrases are just as good at online security because hacking programs are thrown off by length nearly as easily as randomness. To a computer, poetry or simple sentences can be just as hard to crack.

“You’re definitely seeing more of it,” says Mazurek, who worked on the Carnegie Mellon studies. “For equivalent amounts of security, longer tends to be more useful for people.”

Read the full story here.