Poor Grammar Makes For More Secure Passwords

There are some basic rules to follow when selecting a password. For example, while we're sure your significant other is a fine person, using their name as your password is a terrible idea. Same goes for your son's birthday. The object is to select a series of characters and symbols that's nigh impossible to guess, but it doesn't stop there.

Brute force attacks mean that if your password is "JumpingTurtleBean," it can be cracked relatively easily. And get this -- the better your grammar, the easier it is to figure out your password, regardless of length! To prove the point, researchers at Carnegie Mellon University came up with a rudimentary algorithm that makes easy work of cracking long passwords with good grammar.

Don't actually do this.

"A significant result of our work is that the strength of long passwords does not increase uniformly with length," the researchers wrote.

A full 10 percent of the long passwords the team tested were cracked with the simple algorithm and nothing else. This flies in the face of current thinking that longer passwords are better, which isn't necessarily the case. The reason is that the longer the password, the more likely a user is to choose words that are easier to remember, like a grammatically correct phrase.

Combine that with the fact that there are machines capable of making 33 billion password guesses per second and, well, it makes you think twice about your password (and about using good grammar).
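To see why length alone is a poor measure, here is an added strength-check sketch (not the researchers' algorithm and not code from the original article) that compares the guess space of a password under a character-by-character search, a word-by-word search, and a search where each slot is limited to one part of speech. The mini-lexicon and the per-part-of-speech word counts are constructed assumptions; only the 33 billion guesses per second figure comes from the article.

```python
import math

GUESSES_PER_SECOND = 33e9          # guessing rate quoted in the article
CHARSET = 95                       # printable ASCII (assumption)
# Constructed mini-lexicon: word -> part of speech. A real check would load a full one.
LEXICON = {"jumping": "verb", "turtle": "noun", "bean": "noun",
           "my": "det", "dog": "noun", "eats": "verb", "green": "adj"}
# Hypothetical number of candidate words per part of speech.
POS_SIZE = {"noun": 10_000, "verb": 5_000, "adj": 3_000, "det": 20}
DICTIONARY_SIZE = sum(POS_SIZE.values())

def segment(password):
    """Split into lexicon words (fewest words wins); None if any part is not a word."""
    s = password.lower()           # casing variants are ignored in this sketch
    best = [None] * (len(s) + 1)   # best[i] = shortest split of s[:i]
    best[0] = []
    for i in range(1, len(s) + 1):
        for j in range(i):
            if best[j] is not None and s[j:i] in LEXICON:
                cand = best[j] + [s[j:i]]
                if best[i] is None or len(cand) < len(best[i]):
                    best[i] = cand
    return best[len(s)]

def estimate(password):
    """Guess-space size in bits under three search models."""
    charset_bits = len(password) * math.log2(CHARSET)
    words = segment(password)
    if words is None:              # no word structure found: length is all there is
        return {"words": None, "charset": charset_bits,
                "dictionary": charset_bits, "structure": charset_bits}
    return {
        "words": words,
        "charset": charset_bits,                                # char-by-char search
        "dictionary": len(words) * math.log2(DICTIONARY_SIZE),  # any word in any slot
        # each slot limited to words of its part of speech
        "structure": sum(math.log2(POS_SIZE[LEXICON[w]]) for w in words),
    }

def seconds_to_exhaust(bits):
    """Time to try every candidate in a space of 2**bits at the quoted rate."""
    return 2 ** bits / GUESSES_PER_SECOND

if __name__ == "__main__":
    for pw in ("JumpingTurtleBean", "MyDogEatsGreenBean", "x7#Qp!vR2$kLm9@Zt"):
        e = estimate(pw)
        print(pw, e["words"], {k: f"{seconds_to_exhaust(e[k]):.3g}s"
                               for k in ("charset", "dictionary", "structure")})
```

With these assumed word counts, the 17-character "JumpingTurtleBean" looks like roughly 112 bits by length but under 40 bits once its word structure is taken into account, while the random 17-character string keeps its full length-based estimate.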
RWilliams one year ago

Lesson: use strong passwords that don't involve words at all. That won't have a huge effect on brute-forcing given today's GPUs, but it makes a dictionary-based brute-force impossible.

"Long passwords is a promising user authentication mechanism."

I'm not sure, but if I were to write a report based around grammar, I'd probably try to perfect its wording (yes - I realize most of these reports typically have odd-sounding statements).

Joshua Gulick one year ago

I shouldn't be surprised anymore by the number of people I encounter who use password123, but it still stuns me every time.

paul_lilly one year ago

Tip for the Day: Passwords are like underwear, you should, uh, wash them or something.

realneil one year ago

[quote user="Paul_Lilly"]Passwords are like underwear, you should, uh, wash them or something.[/quote]

LOL!   It's like taking a girl you don't know well into the HotTub while the night is young,...............

lipe123 one year ago

Here is a thought, keep the password salts/hashes/stuff secure so that attackers cannot try 14 billion attacks per second on them and there is no issue.

Try a pwd more than 5 times and *BAM* account locked.

The problem with all these attacks and password breaking is that somehow the authentication part of the passwords are somehow easily obtainable, how does it make sense to put a titanium lock on a chickenwire gate?

scolaner one year ago

This report is hilarious, on multiple levels.
