Quick: Change your password again. Make sure it has a combination of capital letters, numbers and special characters. Wait, no. Instead, come up with a long random phrase that you should be able to remember. Wait, no. Stop. Stop the madness! It’s time to kill the password.

This relic from the early days of computing has long outlived its usefulness, and certainly, its ability to keep criminals at bay. More than two-thirds of people use the same, usually not-very-strong password across dozens of different accounts. Weak passwords and stolen identities are the No. 1 source of data loss. Last year alone, 81 percent of major data breaches could be traced back to one individual’s compromised identity.

Stolen passwords are so commonplace among criminals that they can easily buy 1,000 usernames and passwords for less than $20 on the dark web – and can inflict a good amount of financial damage for such a small investment.

The standard approach to passwords – change them frequently, and make sure they include a combination of capital letters, numbers and special characters – is based on guidance issued in 2003 by the National Institute of Standards and Technology (NIST).

Bill Burr, the now-retired engineer who wrote the guideline, recently said that it hasn’t worked well. “It just drives people bananas and they don’t pick good passwords no matter what you do,” he told The Wall Street Journal.