DARPA's advice on passwords: Dump 'em.
The agency's Active Authentication program would use behaviorial traits rather than passwords.
The Defense Advanced Research Projects Agency wants to eliminate passwords and use an individual’s typing style and other behavioral traits for user authentication, writes Kathleen Hickey in Government Computer News.
Creating, remembering and managing long, complex passwords is “inherently unnatural,” according to the agency. In addition, most authetication systems can't tell if the authenticated user is replaced by someone else during the session.
To read Hickey's full report, including DARPA's preferred authentication methods, click here.