'Andyhave3cats' is a better password than 'Shehave3cats,' study finds

Jaikumar Vijayan | Jan. 28, 2013
Carnegie Mellon University researchers find that certain grammar use can make passwords easy to crack, no matter the length or use of numbers, symbols.

Neither the number of words nor the number of characters made much of a difference to password strength when grammar was involved. The researchers calculated that cracking a password like "Th3r3 can only b3 #1!" would take just 22 minutes, while breaking a password using the words "Hammered asinine requirements" would take more than three and a half hours.

Generally, incorporating special symbols, substituting letters and mixing uppercase and lowercase letters do not help as much as some experts say, Rao told Computerworld in an email.

"In our calculations we account for a constant amount of mangling or substitutions on [the] part of the user," she said.

Previous research has already documented well-known substitution patterns, she said. Common examples include capitalizing the first letter, substituting certain letters with numbers and adding a punctuation mark at the end.

"Password strength depends on the underlying part of speech," Rao noted. "A dictionary for nouns is bigger than a dictionary for adjectives which is bigger than [a dictionary for] verbs."

So a password with the underlying structure pronoun-noun-verb-adjective-adverb, like "mypassw0rdis$uper str0ng", is much stronger than a password that has an existential-modal-verb-determiner-pronoun structure such as "Th3r3canonlyb3 #1!", she said.
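The following strength estimate is an added illustration, not code from the study or from this article. It multiplies the dictionary sizes for each part-of-speech slot and adds a constant mangling allowance, then sets the result beside a naive length-and-character-class estimate. The dictionary sizes and the mangling constant are constructed assumptions; only the ordering noun > adjective > verb comes from Rao's quote.

```python
import math

# Constructed dictionary sizes per part-of-speech tag (assumptions, not study data).
# Only the ordering noun > adjective > verb comes from the article.
DICT_SIZES = {
    "noun": 60000, "adjective": 20000, "verb": 10000, "adverb": 4000,
    "pronoun": 60, "determiner": 40, "modal": 10, "existential": 1,
}
MANGLING_FACTOR = 1000  # assumed constant allowance for substitutions, caps, suffixes


def structure_bits(tags, mangling=MANGLING_FACTOR):
    """log2 of the phrases sharing this tag sequence, times the mangling constant."""
    unknown = [t for t in tags if t not in DICT_SIZES]
    if unknown:
        raise ValueError(f"no dictionary for tags: {unknown}")
    return sum(math.log2(DICT_SIZES[t]) for t in tags) + math.log2(mangling)


def charset_bits(password):
    """Naive estimate: length * log2(pool of character classes in use)."""
    pool = 0
    pool += 26 if any(c.islower() for c in password) else 0
    pool += 26 if any(c.isupper() for c in password) else 0
    pool += 10 if any(c.isdigit() for c in password) else 0
    pool += 33 if any(not c.isalnum() for c in password) else 0
    # An empty password or one with no recognised class scores zero.
    return len(password) * math.log2(pool) if pool else 0.0


def compare(samples):
    """Rows of (password, naive bits, structure bits), weakest structure first."""
    rows = [(pw, charset_bits(pw), structure_bits(tags)) for pw, tags in samples]
    return sorted(rows, key=lambda row: row[2])


# The two example passwords and tag sequences quoted in the article.
SAMPLES = [
    ("mypassw0rdis$uper str0ng",
     ["pronoun", "noun", "verb", "adjective", "adverb"]),
    ("Th3r3canonlyb3 #1!",
     ["existential", "modal", "verb", "determiner", "pronoun"]),
]

if __name__ == "__main__":
    for pw, naive, structural in compare(SAMPLES):
        print(f"{pw!r:28} naive={naive:6.1f} bits  structure={structural:5.1f} bits")
```

With these assumed sizes the naive estimate rates both passwords above 100 bits, while the structure-based estimate separates them by roughly 33 bits, because closed word classes such as modals and determiners contribute almost nothing.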
