Source: Psyomjesus / CC BY-SA 4.0

The National Institute of Standards and Technology (NIST) is revising its guidelines concerning passwords.

Traditionally, passwords were required to be complicated to prevent criminals from “guessing” at them. Often, passwords were required to include numbers and symbols. Additionally, people were told to change their passwords frequently and employ a number of different passwords for their varied apps and websites—often a confusing and time-consuming process.

Now NIST is calling for simpler methods of creating passwords, recommending that they be kept long, simple and easy to remember.

"The traditional guidance is actually producing passwords that are easy for bad guys and hard for legitimate users," says Paul Grassi, senior standards and technology adviser at NIST, who led the new revision of guidelines.

In addition to the call for long and memorable passwords, the organization also suggests using phrases, lowercase letters and familiar English words, and no longer requiring special characters, uppercase letters or frequent password expiration.

"We focus on the cognitive side of this, which is what tools can users use to remember these things?" Grassi says. "So if you can picture it in your head, and no one else could, that's a good password."

"It works because we are creating longer passwords that cryptographically are harder to break than the shorter ones, even with all those special character requirements," Grassi says. "We are really bad at random passwords, so the longer the better."
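As an added illustration of Grassi's point about length versus complexity (example code written for this page, not taken from the article or from NIST), the following Python snippet compares the search space an attacker must cover for a short password built under composition rules against longer lowercase passwords and word-based passphrases; the guess rate and the word-list size are assumptions.

```python
import math

# Assumed attacker capability for the illustration: 1e10 guesses per second,
# roughly an offline GPU attack against a fast, unsalted hash.
GUESSES_PER_SECOND = 1.0e10
SECONDS_PER_YEAR = 365.25 * 24 * 3600


def entropy_bits(alphabet_size: int, length: int) -> float:
    """Bits of entropy for a string of `length` symbols drawn uniformly at
    random from `alphabet_size` choices (characters, or words from a list).
    This is an upper bound: human-chosen passwords are far less random."""
    if alphabet_size < 2 or length < 1:
        raise ValueError("alphabet must have >= 2 symbols and length >= 1")
    return length * math.log2(alphabet_size)


def years_to_exhaust(bits: float, rate: float = GUESSES_PER_SECOND) -> float:
    """Years needed to try every candidate in a 2**bits search space."""
    return (2.0 ** bits) / rate / SECONDS_PER_YEAR


# Constructed policies to compare. 95 = printable ASCII, 26 = lowercase
# letters, 7776 = a diceware-style word list (assumed size, not from NIST).
POLICIES = {
    "8 chars, printable ASCII (composition rules)": (95, 8),
    "16 lowercase letters": (26, 16),
    "4 words from a 7776-word list": (7776, 4),
    "5 words from a 7776-word list": (7776, 5),
}


def compare_policies(policies=POLICIES):
    """Return {name: (bits, years)} ordered from weakest to strongest."""
    rows = {name: (entropy_bits(a, n), years_to_exhaust(entropy_bits(a, n)))
            for name, (a, n) in policies.items()}
    return dict(sorted(rows.items(), key=lambda kv: kv[1][0]))


if __name__ == "__main__":
    for name, (bits, years) in compare_policies().items():
        print(f"{name:48s} {bits:6.1f} bits  ~{years:14.1f} years")
```

The 4-word row shows the caveat: four random words from a 7776-word list are only about as strong as eight random printable characters, so the length has to be real, and human-chosen values of either kind fall well below these upper bounds.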