Critical.
Authoritative.
Strategic.
Subscribe to CIO Magazine »

"Hammered asinine requirements": Now there’s a secure password

  • (Network World)
  • 24 January, 2013 18:08

Youre best off forgetting your grammar lessons when it comes to creating passphrases, according to new research out of Carnegie Mellon University and MIT.

The researchers say that using grammar good or bad can clue in hackers about the words in a multi-word password. And theyve built an algorithm as a proof-of-concept to show it (The team, led by software engineering Ph.D. student Ashwini Rao of CMUs Institute for Software Research, will present its research at the Association for Computing Machinerys Conference on Data and Application Security and Privacy on Feb. 20 in San Antonio.).

[IN THE LABS: 25 of todays coolest networking and computer research projects]

The team tested its grammar-aware password cracking algorithm against 1,434 passwords containing 16 or more characters, and cracked 10% of the dataset via the algorithm.

We should not blindly rely on the number of words or characters in a password as a measure of its security, Rao said, in a statement.

The researchers say that while a password based on a phrase or short sentence can be easier for a user to remember, it also makes it simpler to crack because grammatical rules narrow word choices and structures (in other words, a passphrase with pronoun-verb-adjective-noun would be easier to crack than one made up of noun-verb-adjective).

The researchers found that Hammered asinine requirements, for instance, is harder to crack than even the longer and seemingly clever Th3r3 can only b3 #1!

Passwords in general have come under increasing fire by security pros, as some of the highest profile breaches (LinkedIn, Nvidia) have been the result of password compromises or resulted in passwords (including encrypted ones) being made public.

Googles security team is looking into ways to avoid passwords altogether for logging into websites.

Bob Brown tracks network research in his Alpha Doggs blog and Facebook page, as well on Twitter and Google +

 

Read more about wide area network in Network World's Wide Area Network section.

Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.

More about: Alpha, Carnegie Mellon University, Facebook, Google, Mellon, MIT, Nvidia
Comments are now closed.
Related Coverage
Related Whitepapers
Latest Stories
Community Comments
Tags: Carnegie Mellon University, grammar aware password, security, CMU, legal, Wide Area Network, MIT, cybercrime
Latest Blog Posts
Whitepapers
  • All Flash and Databases - Storage Switzerland
    This webcast explores how All-Flash enterprise storage compares to traditional disk-centric arrays. Learn how to best leverage Flash so databases thrive and limitations of I/O disappear, while exploring the pitfalls and peculiarities of Flash, and how to optimise its performance as a storage solution to ensure reliance, predictability and cost savings for a variety of enterprise workloads.
    Learn more »
  • Manufacturing Overview
    An enterprise resource planning (ERP) software solution provides the ability to access the right information, from the right source, at the right time, empowering all users throughout the supply chain. This report explains how your solution can identify the resources needed to capture, produce, ship, and account for customer orders, while supporting the various manufacturing processes.
    Learn more »
  • Is Your IT Infrastructure Keeping Up?
    This helpful infographic demonstrates how, when IT is the backbone of modern business, a converged infrastructure system can solve the challenge of cost, complexity, availability, rapid provisioning and flexibility.
    Learn more »
All whitepapers
rhs_login_lockGet exclusive access to Invitation only events CIO, reports & analysis.
Salary Calculator

Supplied by

View the full Peoplebank ICT Salary & Employment Index

Recent comments

Computerworld
ARN
Techworld
CMO