How bad spelling and grammar could be the key to choosing a good password
- Researchers say that good grammar makes passwords far easier to crack
- Warn against using sentences as passwords
Birthdays, pet names and your place of birth are already huge no-nos when choosing a secure password.
But researchers said today that the key to finding more secure passwords could be straightforward - just don't use good grammar or spelling.
Ashwini Rao and colleagues at Carnegie Mellon University researched the current generation of password cracking systems.
'Use of long sentence-like or phrase-like passwords such as "abiggerbetterpassword" and "thecommunistfairy" is increasing,' the researchers say in their paper, due to be presented at the Conference on Data and Application Security and Privacy in San Antonio, Texas, next month.
The researchers say that other types of familiar structures like postal addresses, email addresses and URLs may also make for less secure passwords, even if they are long.
They say bad grammar can make a huge difference, as hackers are increasingly searching for passwords using correct grammar and spellings in 'brute force' attacks that simply run through combinations of words in a dictionary.
Incorrect spelling and grammar can fool many of these attacks, the team found.
They found that in general, asking users for longer passwords didn't work.
'A significant result of our work is that the strength of long passwords does not increase uniformly with length,' they said.
The team also developed an algorithm to improve the cracking of long passwords.
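To make the length finding concrete, here is an added example (not the researchers' algorithm and not code from their paper) that compares a naive per-character strength estimate with one that counts a password as a sequence of dictionary words. The word list, the 20,000-word dictionary size and all function names are assumptions made for illustration.

```python
import math

# Constructed toy word list; a real guessing dictionary is far larger.
WORDS = {"a", "big", "bigger", "better", "bet", "password", "pass", "word",
         "the", "communist", "fairy", "fair", "eat", "cake", "at"}
ASSUMED_DICT_SIZE = 20000  # assumption: size of the dictionary being searched


def min_word_split(password, words=WORDS):
    """Return the fewest dictionary words that spell `password`, or None."""
    n = len(password)
    best = [None] * (n + 1)  # best[i] = shortest split of password[:i]
    best[0] = []
    for end in range(1, n + 1):
        for start in range(end):
            chunk = password[start:end]
            if best[start] is not None and chunk in words:
                cand = best[start] + [chunk]
                if best[end] is None or len(cand) < len(best[end]):
                    best[end] = cand
    return best[n]


def char_bits(password, alphabet=26):
    """Bits if every lowercase letter were chosen independently."""
    return len(password) * math.log2(alphabet)


def word_bits(password, dict_size=ASSUMED_DICT_SIZE):
    """Bits if guesses are built from whole dictionary words instead."""
    split = min_word_split(password.lower())
    if split is None:
        return None  # not spelled from listed words: this toy model cannot score it
    return len(split) * math.log2(dict_size)


def report(password):
    wb = word_bits(password)
    cb = char_bits(password)
    effective = cb if wb is None else min(wb, cb)  # weaker estimate wins
    return {"length": len(password), "char_bits": round(cb, 1),
            "word_bits": None if wb is None else round(wb, 1),
            "effective_bits": round(effective, 1)}


if __name__ == "__main__":
    for pw in ("abiggerbetterpassword", "thecommunistfairy", "abigbetfair"):
        print(pw, report(pw))
```

In this model the 17-character 'thecommunistfairy' scores lower than the 11-character 'abigbetfair', because what counts is the number of words, not the number of letters.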
CHOOSING A SAFE PASSWORD
- Use passwords of eight characters or more with mixed types of characters.
- For example, 'eat cake at 8!' or 'car_park_city?'
- Avoid using the same username/password combination for multiple websites.
- Especially risky is using the same password for entertainment sites that you do for online email, social networking, and financial services.