Grammar-based passwords are not always safe
San Francisco, CA -- (SBWIRE) -- 01/29/2013 -- The use of a long phrase or short sentence as a password may not be as secure as some would want to believe, according to some experts.
Researchers at Carnegie Mellon University's Institute of Software Research have found that long passwords that incorporate grammar are easier to crack than short passwords without structure.
The researchers tested nearly 1,500 passwords that contained 16 or more characters against a grammar-aware password-cracking algorithm. The test found that grammatical structure can often undermine security.
Ashwini Rao, a Carnegie Mellon software engineer, stated that while phrases can make passwords easier to remember, the grammatical structure can significantly narrow the possible word combinations and sequences needed to guess a password correctly.
"We should not blindly rely on the number of words or characters in a password as a measure of its security," said Rao, who is scheduled to present the findings of the study on Feb. 20 at the Association for Computing Machinery's Conference on Data and Application Security.
"I've seen password policies that say, 'Use five words,'" Rao said in a statement. "If four of those words are pronouns, they don't add much security."
Passwords that were used in the study were gleaned from published research papers on password strength that were presented at an IEEE security conference in 2012.
Nearly 18% of all passwords were defined with grammatical structures of two or more dictionary-based words, according to Rao.
Several passwords contained types of structures such as email addresses, while others used sentence structure and sometimes contained numbers in the place of letters (L33tsp3ak).
The research team described a proof-of-concept grammar-aware password-cracking tool. The team discovered that the strength of a password often had less to do with length. It found that two passwords of identical length can differ in strength according to how heavily each depends on the grammar used.
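The finding that two passwords of identical length can differ in strength can be illustrated with a small strength estimator. This is an added example, not code from the study or the researchers' tool; the part-of-speech vocabulary sizes, the mini-lexicon and the two sample phrases are constructed for illustration.

```python
import math

# Constructed vocabulary sizes per part of speech (illustrative, not measured).
POS_SIZE = {"PRON": 64, "VERB": 4096, "ADJ": 8192, "NOUN": 16384}

# Constructed mini-lexicon covering only the sample phrases below.
LEXICON = {
    "i": "PRON", "you": "PRON", "it": "PRON", "myself": "PRON",
    "told": "VERB", "eat": "VERB",
    "old": "ADJ", "red": "ADJ",
    "cats": "NOUN", "ham": "NOUN",
}

LETTER_BITS = math.log2(26)  # one lowercase letter chosen uniformly

# Constructed samples: five words and 16 letters each.
PHRASE_A = "I told you it myself"   # four pronouns and one verb
PHRASE_B = "old cats eat red ham"   # adjectives, nouns and a verb


def letters(phrase):
    """Count letters, ignoring the spaces between words."""
    return sum(len(word) for word in phrase.lower().split())


def length_bits(phrase):
    """Naive estimate: every letter is an independent uniform choice."""
    return letters(phrase) * LETTER_BITS


def grammar_bits(phrase):
    """Estimate against a guesser that knows each word's part of speech."""
    bits = 0.0
    for word in phrase.lower().split():
        tag = LEXICON.get(word)
        if tag is None:
            # Word outside the lexicon: fall back to the per-letter estimate.
            bits += len(word) * LETTER_BITS
        else:
            bits += math.log2(POS_SIZE[tag])
    return bits


if __name__ == "__main__":
    for phrase in (PHRASE_A, PHRASE_B):
        print(f"{phrase!r}: {letters(phrase)} letters, "
              f"length-based {length_bits(phrase):.1f} bits, "
              f"grammar-aware {grammar_bits(phrase):.1f} bits")
```

A length-based meter scores both phrases identically, while the grammar-aware estimate separates them because the pronoun slots draw from a much smaller set of words.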
About Click Studios
Click Studios (http://www.clickstudios.com.au/) provides software and products for quality security and password recovery needs through its password management software. Find the password manager software that will help a company or project remain protected, so people can focus on what really matters.