Study Reveals Grammatical Structure Severely Undermines Password Strength
A new research study on the effectiveness of passwords may make you reevaluate the strength of your passwords.
A study conducted by researchers at Carnegie Mellon University’s Institute for Software Research shows that what we once thought of as strong passwords may not be so strong any more. The key, they have found, is grammar.
Results from the study found that passwords that incorporated grammatical structure, no matter how long, were easier to crack than comparatively shorter passwords with no apparent structure. To conduct their tests, the researchers developed what they describe as a grammar-aware password-cracking algorithm which uses separate dictionaries for each element of a sentence (i.e. one dictionary for verbs, one for nouns, etc.) to identify any structure within the password. With this cracking tool, they found that passwords with grammatical structure significantly reduced the time needed to crack a password due to the narrowing of possible word combinations and sequences.
A password such as “Th3r3 can b3 only #1!” was cracked in 22 minutes even though it used special symbols and letter substitutions. Compare to the password “Hammered asinine requirements” which took over three and a half hours for the researchers’ algorithm to crack, simply because it lacked a grammatical structure.
It’s studies like these that make us reconsider whether our supposed “strong” passwords are truly as strong as we think they are.
Original article by Jaikumar Vijayan.
Read the full story here.
Leave a comment
Some small organizations continue to use customer data to generate initial passwords, Read more
Another awareness poster for YOUR customers (and users). Now that we have our own em Read more
Risk isn’t the only thing to consider when planning a decision tree. Another one of t Read more
While we’re not a news service, we often use current events to comment on trends and Read more