Study Reveals Grammatical Structure Severely Undermines Password Strength
A new research study on the effectiveness of passwords may make you reevaluate the strength of your passwords.
A study conducted by researchers at Carnegie Mellon University’s Institute for Software Research shows that what we once thought of as strong passwords may not be so strong any more. The key, they have found, is grammar.
Results from the study found that passwords that incorporated grammatical structure, no matter how long, were easier to crack than comparatively shorter passwords with no apparent structure. To conduct their tests, the researchers developed what they describe as a grammar-aware password-cracking algorithm which uses separate dictionaries for each element of a sentence (i.e. one dictionary for verbs, one for nouns, etc.) to identify any structure within the password. With this cracking tool, they found that passwords with grammatical structure significantly reduced the time needed to crack a password due to the narrowing of possible word combinations and sequences.
A password such as “Th3r3 can b3 only #1!” was cracked in 22 minutes even though it used special symbols and letter substitutions. Compare to the password “Hammered asinine requirements” which took over three and a half hours for the researchers’ algorithm to crack, simply because it lacked a grammatical structure.
It’s studies like these that make us reconsider whether our supposed “strong” passwords are truly as strong as we think they are.
Original article by Jaikumar Vijayan.
Read the full story here.
In this short video, Mike, our “Envoy from the SIEM”, walks us through how data flows
Dan’s reflection on the past 20 years. A Dan’s New Leaf post about predictions. If yo
Welcome Webinar Attendees! You can download a zip folder with all three of the delive
Another awareness poster for YOUR customers (and users). Now that we have our own em