Information Security News mailing list archives

Previous By Date Next
Previous By Thread Next

'Andyhave3cats' is a better password than 'Shehave3cats, ' study finds

From: InfoSec News <alerts () infosecnews org>
Date: Mon, 28 Jan 2013 00:28:20 -0600 (CST)
https://www.computerworld.com/s/article/9236227/_Andyhave3cats_is_a_better_password_than_Shehave3cats_study_finds

By Jaikumar Vijayan
Computerworld
January 25, 2013
Using a long phrase or a short sentence as a password may not be as secure as some security experts think.
Researchers at Carnegie Mellon University's Institute for Software Research have found that long passwords that incorporate grammar -- good or bad -- are easier to crack than short passwords without structure.
The research team tested more than 1,400 passwords containing 16 or more characters against a grammar-aware password-cracking algorithm and found that grammatical structure can undermine security.
Ashwini Rao, a Carnegie Mellon software engineering doctoral student and the lead researcher on the project, said that while phrases and sentences can make passwords easier to remember, their grammatical structure significantly narrows the possible word combinations and sequences that hackers -- and their tools -- need to guess. 

[...]


______________________________________________
Visit the InfoSec News Security Bookstore
Best Selling Security Books and More!
http://www.shopinfosecnews.org
Previous By Date Next
Previous By Thread Next

Current thread: