To more make them more difficult for criminals to guess, web services have forced people to use longer passwords with different types of characters, but that also makes them more difficult to remember. To add to the headache, experts also advise against using the same password for different services, to reduce the impact if one is hacked.

“Along with many in the industry, we feel passwords and simple bearer tokens such as cookies are no longer sufficient to keep users safe,” said Google vice president of security Eric Grosse and engineer Mayank Upadhyay, in an article to be published in an engineering journal.