Study: Good grammar makes bad passwords

Jan. 24, 2013 at 8:31 PM   |   Comments

PITTSBURGH, Jan. 24 (UPI) -- Good grammar may be important, but when used to concoct a long computer password, grammar -- good or bad -- undercuts its security, U.S. researchers say.

Computer scientists at Carnegie Mellon University said a password-cracking algorithm they developed that took into account grammar was tested against 1,434 passwords containing 16 or more characters.

The grammar-aware cracker surpassed other state-of-the-art password crackers when passwords had grammatical structures, a university release reported Thursday.

Basing a password on a phrase or short sentence makes it easier for a user to remember, but the grammatical structure dramatically narrows the possible combinations and sequences of words, the researchers said.

Grammar's different parts of speech -- nouns, verbs, adjectives, pronouns -- also can undermine security, they said.

That's because pronouns are far fewer in number than verbs, verbs fewer than adjectives and adjectives fewer than nouns.

"I've seen password policies that say, 'Use five words,'" software engineering doctoral student Ashwini Rao, the study leader, said. "Well, if four of those words are pronouns, they don't add much security."

"We should not blindly rely on the number of words or characters in a password as a measure of its security," Rao said.

© 2013 United Press International, Inc. All Rights Reserved. Any reproduction, republication, redistribution and/or modification of any UPI content is expressly prohibited without UPI's prior written consent.
Recommended UPI Stories
Featured UPI Collection
Celebrity Couples of 2014 [PHOTOS]

Celebrity Couples of 2014 [PHOTOS]

Most Popular
Mars rover spots rock shaped like thigh bone
Parched land in the drought-riddled West is actually rising
NEC touts its fingerprint technology
Tech industry All Stars developing 'Star Trek'-style communication badges
Latvia boasts world's first net for migrating bats
Trending News