About Us | Contact Us
View Cart

Study Reveals Grammatical Structure Severely Undermines Password Strength

By Vigilize | Monday, January 28, 2013 - Leave a Comment

A new research study on the effectiveness of passwords may make you reevaluate the strength of your passwords.

A study conducted by researchers at Carnegie Mellon University’s Institute for Software Research shows that what we once thought of as strong passwords may not be so strong any more. The key, they have found, is grammar.

Results from the study found that passwords that incorporated grammatical structure, no matter how long, were easier to crack than comparatively shorter passwords with no apparent structure. To conduct their tests, the researchers developed what they describe as a grammar-aware password-cracking algorithm which uses separate dictionaries for each element of a sentence (i.e. one dictionary for verbs, one for nouns, etc.) to identify any structure within the password. With this cracking tool, they found that passwords with grammatical structure significantly reduced the time needed to crack a password due to the narrowing of possible word combinations and sequences.

A password such as “Th3r3 can b3 only #1!” was cracked in 22 minutes even though it used special symbols and letter substitutions. Compare to the password “Hammered asinine requirements” which took over three and a half hours for the researchers’ algorithm to crack, simply because it lacked a grammatical structure.

It’s studies like these that make us reconsider whether our supposed “strong” passwords are truly as strong as we think they are.


Original article by Jaikumar Vijayan.
Read the full story here.

Latest News
    A Webinar-Movie In our current world of uncertainty there is at least one thing that is certain. Business needs to continue, and that means that it is important for managers to be able to meet with their team even if everyone is working remotely at this point. In this Webinar-Movie, Dan will compare virtual meeting […]
    The One Test… …Is there a Test that Covers 9/11’s of the Battle? Another one of those Dan’s New Leaf Posts, meant to inspire thought about IT Governance . . . . Twenty years ago two geek-friends and I debated the following question:  “Is there an Audit Test that covers 9/11’s of the battle?” This […]
    PRESS RELEASE – FOR IMMEDIATE RELEASE BUSINESS NEWS NEW EMPLOYEE FOR INFOTEX infotex has just hired Tanvee Dhir, to be a new Data Security Analyst. “Tanvee is an outstanding addition to the team, bringing a new skillset we are eager to utilize.” says Chad Smith, NOC Manager of infotex. “I am really excited to be […]
    While we’re not a news service, we often use current events to comment on trends and our services. This blog is intended to get people thinking about topics and trends in Technology Risk Management, through our article reviews, as well as through original blog articles about current events and our MSSP services (such as our […]
    Seven Trends . . . that small bank Information Security Officers face in 2021 Another one of those Dan’s New Leaf Posts, meant to inspire thought about IT Governance . . . . Welcome to the Magnificent Seven, my annual predictive article about the seven trends in technology that will impact the Information Security Officers of […]