Some of the passwords we use are("password" as your password, really?!). Despite the password being a , there are plenty of . And now you can add bad grammar to that list.
One common password assumption is that longer passwords are better. The problem with the long password, however, is that users gravitate to something easier to remember (a phrase, for instance) that usually has good grammatical structure. But in a study by Ashwini Rao at Carnegie Mellon University, researchers developed an algorithm that could easily crack long passwords that made grammatical sense. "[W]hen users choose sentence-like or phrase-like passphrases, due to grammatical structures the search space and guessing eﬀort will decrease," the study said. As New Scientist explains:
Rao's algorithm makes guesses by combining words and phrases from password-cracking databases into grammatically correct phrases. While other cracking programs make multiple guesses based on each word in a database, putting in "catscats" and "catsstac" as well as just the word "cats", none of the programs make the jump to combine multiple words or phrases in a way that makes grammatical sense, like "Ihave3cats", for instance.
Based on the algorithm, the researchers were able to crack 10 percent of the long passwords that couldn't be cracked by other well-known password-cracking algorithms.
And with machines that can now make 33 billion password guesses per second selling for less than $3,000, as the study points out, password security is even more important.
Bad grammar make good password, research say [New Scientist]
This post was originally published on Smartplanet.com