Information Security News
mailing list archives
'Andyhave3cats' is a better password than 'Shehave3cats, ' study finds
From: InfoSec News <alerts () infosecnews org>
Date: Mon, 28 Jan 2013 00:28:20 -0600 (CST)
By Jaikumar Vijayan
January 25, 2013
Using a long phrase or a short sentence as a password may not be as secure as
some security experts think.
Researchers at Carnegie Mellon University's Institute for Software Research
have found that long passwords that incorporate grammar -- good or bad -- are
easier to crack than short passwords without structure.
The research team tested more than 1,400 passwords containing 16 or more
characters against a grammar-aware password-cracking algorithm and found that
grammatical structure can undermine security.
Ashwini Rao, a Carnegie Mellon software engineering doctoral student and the
lead researcher on the project, said that while phrases and sentences can make
passwords easier to remember, their grammatical structure significantly narrows
the possible word combinations and sequences that hackers -- and their tools --
need to guess.
Visit the InfoSec News Security Bookstore
Best Selling Security Books and More!
- 'Andyhave3cats' is a better password than 'Shehave3cats, ' study finds InfoSec News (Jan 28)