[ISN] 'Andyhave3cats' is a better password than 'Shehave3cats, ' study finds

From: InfoSec News <alerts_at_private>
Date: Mon, 28 Jan 2013 00:28:20 -0600 (CST)
https://www.computerworld.com/s/article/9236227/_Andyhave3cats_is_a_better_password_than_Shehave3cats_study_finds

By Jaikumar Vijayan
Computerworld
January 25, 2013

Using a long phrase or a short sentence as a password may not be as secure as 
some security experts think.

Researchers at Carnegie Mellon University's Institute for Software Research 
have found that long passwords that incorporate grammar -- good or bad -- are 
easier to crack than short passwords without structure.

The research team tested more than 1,400 passwords containing 16 or more 
characters against a grammar-aware password-cracking algorithm and found that 
grammatical structure can undermine security.

Ashwini Rao, a Carnegie Mellon software engineering doctoral student and the 
lead researcher on the project, said that while phrases and sentences can make 
passwords easier to remember, their grammatical structure significantly narrows 
the possible word combinations and sequences that hackers -- and their tools -- 
need to guess.

[...]


______________________________________________
Visit the InfoSec News Security Bookstore
Best Selling Security Books and More!
http://www.shopinfosecnews.org 
Received on Sun Jan 27 2013 - 22:28:20 PST

This archive was generated by hypermail 2.2.0 : Sun Jan 27 2013 - 22:23:49 PST