Everyone knows passwords are a pain. The current system is broken because it asks users to remember a weird jumble of letters, numbers, and special characters―say “Mercede$7″―for dozens of different websites.
This is a problem because: 1) normal people struggle to recall weird words that contain numbers and symbols; and 2) hackers can often anticipate the common way we add a single letter or character (such as $ for “S”) to a password, making it easier to guess.
The good news is there’s another approach. It relies on so-called “passphrases,” which are longer but much easier to remember.
For instance, instead of Mercede$7, a user can create something like: iwanttodriveaMercedesthroughthestreetsofBerlin
The longer password is effective for the simple reason that it contains more variables. As the Washington Post reports , the practice is getting support from academic research:
A series of studies from Carnegie Mellon University confirmed that passphrases are just as good at online security because hacking programs are thrown off by length nearly as easily as randomness. To a computer, poetry or simple sentences can be just as hard to crack. Even better: People are less likely to forget them.
To create a passphrase, people should think of a whimsical situation or even a phrase invoking a pet peeve. On the other hand, it’s not a good idea to use popular song lyrics or pieces of poetry because it’s more likely hackers will try those first in any effort to “brute force” guess the password.
Get Data Sheet , Fortune ’s technology newsletter.
One catch, of course, is that many websites or organizations still prompt users to create the annoying, shorter passwords based on numbers and symbols―and may not allow passphrases, which are typically 16 to 64 characters long.
But the good news, as the Post reports, is that more institutions, even government ones, are coming around to the wisdom of passphrases as academic support from the grows.
In the bigger picture, passwords as a security features are on borrowed time. Many experts believe, in the long run, passwords will come to replaced with a host of biometric identifiers such as fingerprints, iris scans, or even body heat. Nevertheless, biometrics have limitations of their own .
But in the meantime, more consumers will get the opportunity to replace all those irritating passwords with something they might actually remember.
