Poor Grammar Makes For More Secure Passwords

News Posted: Mon, Jan 21 2013 10:27 AM
There are some basic rules to follow when selecting a password. For example, while we're sure your significant other is a fine person, using their name as your password is a terrible idea. Same goes for your son's birthday. The object is to select a series of characters and symbols that's nigh impossible to guess, but it doesn't stop there.

Brute force attacks mean that if your password is "JumpingTurtleBean," it can be cracked relatively easily. And get this -- the better your grammar, the easier it is to figure out your password, regardless of length! Researchers at Carnegie Mellon University came up with a rudimentary algorithm that makes easy work out of cracking long passwords with good grammar to prove the point.

Password
Don't actually do this.

"A significant result of our work is that the strength of long passwords does not increase uniformly with length," the researchers wrote.

A full 10 percent of the long passwords the team tested were cracked with the simple algorithm and nothing else. This flies in the face of current thinking that longer passwords are better, which isn't necessarily the case. The reason is that the longer the password, the more likely a user is to choose words that are easier to remember, like a grammatically correct phrase.

Combine that with the fact that there are machines capable of making 33 billion password guesses per second and, well, it makes you think twice about your password (and about using good grammar).
  • | Post Points: 80
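
The article's point, that a long password built from a grammatical phrase sits in a far smaller search space than its length suggests, can be checked with a small strength estimator. This is an added example, not part of the original post and not the CMU researchers' algorithm; the toy lexicon, the per-category vocabulary sizes and the function names are constructed assumptions, and only the 33 billion guesses per second rate comes from the article.

```python
import math

# Constructed toy lexicon: word -> part of speech (assumption, not from the study).
LEXICON = {"jumping": "verb", "turtle": "noun", "bean": "noun", "the": "det",
           "my": "det", "dog": "noun", "eats": "verb", "green": "adj"}
# Assumed number of candidate words per category in a word-list-based search.
VOCAB = {"noun": 20000, "verb": 5000, "adj": 5000, "det": 20}
GUESSES_PER_SEC = 33e9   # rate quoted in the article
ALPHABET = 52            # upper- and lower-case letters only

def segment(password):
    """Split into lexicon words (dynamic programming); None if not fully covered."""
    s = password.lower()
    best = [None] * (len(s) + 1)   # best[i] = fewest-word split of s[:i]
    best[0] = []
    for i in range(1, len(s) + 1):
        for j in range(i):
            if best[j] is not None and s[j:i] in LEXICON:
                cand = best[j] + [s[j:i]]
                if best[i] is None or len(cand) < len(best[i]):
                    best[i] = cand
    return best[len(s)]

def char_guesses(password):
    """Search space when every character is treated as independent."""
    return ALPHABET ** len(password)

def phrase_guesses(password):
    """Search space when each word is one slot drawn from its category."""
    words = segment(password)
    if words is None:
        return None
    return math.prod(VOCAB[LEXICON[w]] for w in words)

def report(password):
    """Compare length-based strength with word-structure-based strength."""
    c, p = char_guesses(password), phrase_guesses(password)
    effective = min(c, p) if p is not None else c
    return {"length": len(password),
            "char_bits": round(math.log2(c), 1),
            "effective_bits": round(math.log2(effective), 1),
            "seconds_at_rate": effective / GUESSES_PER_SEC}

if __name__ == "__main__":
    for pw in ("JumpingTurtleBean", "TheGreenDogEatsTheBean", "xqzvkwpt"):
        print(pw, report(pw))
```

A password meter that scores only length and character classes reports the first column; the second is closer to what a word-aware search has to cover.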
RWilliams replied on Mon, Jan 21 2013 10:58 AM

Lesson: use strong passwords that don't involve words at all. That won't have a huge effect on brute-forcing given today's GPUs, but it makes a dictionary-based brute-force impossible.

"Long passwords is a promising user authentication mechanism."

I'm not sure, but if I were to write a report based around grammar, I'd probably try to perfect its wording (yes - I realize most of these reports typically have odd-sounding statements).

  • | Post Points: 5

I shouldn't be surprised anymore by the number of people I encounter who use password123, but it still stuns me every time.

  • | Post Points: 5
Paul_Lilly replied on Mon, Jan 21 2013 11:35 AM

Tip for the Day: Passwords are like underwear, you should, uh, wash them or something.

  • | Post Points: 20
realneil replied on Mon, Jan 21 2013 12:48 PM

Paul_Lilly:
Passwords are like underwear, you should, uh, wash them or something.

LOL! It's like taking a girl you don't know well into the HotTub while the night is young, ...

Don't part with your illusions. When they are gone you may still exist, but you have ceased to live.

(Mark Twain)

  • | Post Points: 5
lipe123 replied on Mon, Jan 21 2013 2:46 PM

Here is a thought, keep the password salts/hashes/stuff secure so that attackers cannot try 14 billion attacks per second on them and there is no issue.

Try a pwd more than 5 times and *BAM* account locked.

The problem with all these attacks and password breaking is that somehow the authentication part of the passwords is somehow easily obtainable. How does it make sense to put a titanium lock on a chickenwire gate?

  • | Post Points: 5
scolaner replied on Mon, Jan 21 2013 3:08 PM

This report is hilarious, on multiple levels.

  • | Post Points: 5