Home page logo

isn logo Information Security News mailing list archives

'Andyhave3cats' is a better password than 'Shehave3cats, ' study finds
From: InfoSec News <alerts () infosecnews org>
Date: Mon, 28 Jan 2013 00:28:20 -0600 (CST)


By Jaikumar Vijayan
January 25, 2013

Using a long phrase or a short sentence as a password may not be as secure as some security experts think.

Researchers at Carnegie Mellon University's Institute for Software Research have found that long passwords that incorporate grammar -- good or bad -- are easier to crack than short passwords without structure.

The research team tested more than 1,400 passwords containing 16 or more characters against a grammar-aware password-cracking algorithm and found that grammatical structure can undermine security.

Ashwini Rao, a Carnegie Mellon software engineering doctoral student and the lead researcher on the project, said that while phrases and sentences can make passwords easier to remember, their grammatical structure significantly narrows the possible word combinations and sequences that hackers -- and their tools -- need to guess.


Visit the InfoSec News Security Bookstore
Best Selling Security Books and More!

  By Date           By Thread  

Current thread:
  • 'Andyhave3cats' is a better password than 'Shehave3cats, ' study finds InfoSec News (Jan 28)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]