REAL LIFE NEWS: BAD GRAMMAR MAKES GOOD PASSWORDS
by Hazed
Bad news for people who, like me, have a good grasp of proper grammar. When devising passphrases to use as security, the better the grammar, the worse the passphrase!
Security experts are urging people to move to longer passwords, and this is proving to be a problem. Once a password contains more than one word, you are probably going to come up with a proper sentence so that you can remember it, such as “abiggerbetterpassword”, “thelastbesthopeforpeace” or “chocolateisthegreatestthingintheworld”.
The problem is that algorithms designed to crack long passphrases know about the rules of grammar. A team of students from MIT and Carnegie Mellon University have come up with one that targets passcodes of at least 16 characters and is grammar-aware. When tested against 1,434 passwords containing 16 or more characters, it did a lot better than other expert password crackers when the passwords were grammatically correct.
The answer is to make sure your passphrase doesn’t make too much sense. The example given in the source article is that “hammered asinine requirements” is a good password (with or without the spaces) because it doesn’t hang together as a grammatical sentence, whereas “Th3r3 can only b3 #1!” is quite crackable.
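To see why a recognisable sentence shape costs you strength, here is an added sketch (not code from the source article or the researchers) that compares how many bits of guessing work a phrase represents when every word slot is independent versus when a guesser already knows the sentence shape. The word list, the word-class tags and the list of sentence shapes are all constructed for illustration, and the model assumes a phrase that matches no known shape gives the guesser no shortcut.

```python
import math

# Constructed mini-lexicon (an assumption for illustration): word -> word class.
LEXICON = {
    "the": "DET", "a": "DET",
    "for": "PREP", "in": "PREP", "of": "PREP",
    "is": "VERB", "hammered": "VERB",
    "last": "ADJ", "best": "ADJ", "bigger": "ADJ", "better": "ADJ",
    "greatest": "ADJ", "asinine": "ADJ",
    "hope": "NOUN", "peace": "NOUN", "password": "NOUN", "chocolate": "NOUN",
    "thing": "NOUN", "world": "NOUN", "requirements": "NOUN",
}

# Constructed list of sentence shapes a grammar-aware guesser is assumed to know.
GRAMMATICAL_TEMPLATES = {
    ("DET", "ADJ", "ADJ", "NOUN"),
    ("DET", "ADJ", "ADJ", "NOUN", "PREP", "NOUN"),
    ("NOUN", "VERB", "DET", "ADJ", "NOUN", "PREP", "DET", "NOUN"),
}

def class_sizes():
    """Count how many lexicon words fall into each word class."""
    sizes = {}
    for tag in LEXICON.values():
        sizes[tag] = sizes.get(tag, 0) + 1
    return sizes

def guess_space_bits(phrase):
    """Return (tags, independent_bits, grammar_aware_bits) for a spaced phrase."""
    words = phrase.lower().split()
    unknown = [w for w in words if w not in LEXICON]
    if unknown:
        raise ValueError(f"words outside the toy lexicon: {unknown}")
    tags = tuple(LEXICON[w] for w in words)
    # Baseline: every slot could hold any word in the lexicon.
    independent = len(words) * math.log2(len(LEXICON))
    if tags in GRAMMATICAL_TEMPLATES:
        # Known sentence shape: each slot only ranges over its own word class.
        sizes = class_sizes()
        aware = sum(math.log2(sizes[t]) for t in tags)
    else:
        # No known shape fits, so the model grants no shortcut.
        aware = independent
    return tags, independent, aware

if __name__ == "__main__":
    for phrase in ("the last best hope for peace", "hammered asinine requirements"):
        tags, indep, aware = guess_space_bits(phrase)
        print(f"{phrase!r}: {indep / len(tags):.2f} -> {aware / len(tags):.2f} bits/word")
```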
Oh dear. I guess I need to come up with some new password schemes!
Source: http://arstechnica.com/security/2013/01/grammar-badness-makes-cracking-harder-the-long-password/