"Hammered asinine requirements": Now there’s a secure password
- 24 January, 2013 18:08
You're best off forgetting your grammar lessons when it comes to creating passphrases, according to new research out of Carnegie Mellon University and MIT.
The researchers say that using grammar, good or bad, can clue in hackers about the words in a multi-word password. And they've built an algorithm as a proof-of-concept to show it. (The team, led by software engineering Ph.D. student Ashwini Rao of CMU's Institute for Software Research, will present its research at the Association for Computing Machinery's Conference on Data and Application Security and Privacy on Feb. 20 in San Antonio.)
The team tested its grammar-aware password cracking algorithm against 1,434 passwords containing 16 or more characters, and cracked 10% of the dataset via the algorithm.
"We should not blindly rely on the number of words or characters in a password as a measure of its security," Rao said, in a statement.
The researchers say that while a password based on a phrase or short sentence can be easier for a user to remember, it also makes it simpler to crack because grammatical rules narrow word choices and structures (in other words, a passphrase with pronoun-verb-adjective-noun would be easier to crack than one made up of noun-verb-adjective).
The researchers found that "Hammered asinine requirements," for instance, is harder to crack than even the longer and seemingly clever "Th3r3 can only b3 #1!"
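The effect of structure on the search space can be checked from the defender's side. The following is an added example, not code from the researchers: it scores a phrase by the lower of a length-based estimate and an estimate based on its part-of-speech structure. The vocabulary sizes, the 80-bit target and the sample phrase are constructed assumptions.

```python
import math
import string

# Assumed vocabulary sizes per part of speech (constructed for illustration,
# not figures from the research).
POS_SIZES = {"pronoun": 70, "verb": 10_000, "adjective": 20_000,
             "adverb": 5_000, "noun": 50_000}

def charset_bits(passphrase):
    """Length-based estimate a naive meter uses: length * log2(character pool)."""
    pool = 0
    if any(c in string.ascii_lowercase for c in passphrase):
        pool += 26
    if any(c in string.ascii_uppercase for c in passphrase):
        pool += 26
    if any(c in string.digits for c in passphrase):
        pool += 10
    if any(c not in string.ascii_letters + string.digits for c in passphrase):
        pool += 33  # printable ASCII symbols, including space
    return len(passphrase) * math.log2(pool) if pool else 0.0

def structure_bits(tags):
    """Grammar-aware estimate: one vocabulary choice per slot in the structure."""
    unknown = [t for t in tags if t not in POS_SIZES]
    if unknown:
        raise ValueError(f"no vocabulary size for tags: {unknown}")
    return sum(math.log2(POS_SIZES[t]) for t in tags)

def assess(passphrase, tags, target_bits=80):
    """Score a phrase by the lower of the two estimates (target is an assumption)."""
    if len(tags) != len(passphrase.split()):
        raise ValueError("need exactly one tag per word")
    naive, grammar = charset_bits(passphrase), structure_bits(tags)
    return {"naive_bits": round(naive, 1), "grammar_bits": round(grammar, 1),
            "naive_pass": naive >= target_bits,
            "passes": min(naive, grammar) >= target_bits}

# Constructed sample phrase, tagged by hand.
SAMPLE = ("she ate fresh fish", ["pronoun", "verb", "adjective", "noun"])

if __name__ == "__main__":
    print(assess(*SAMPLE))
```

The 18-character sample clears the length-based check but falls well short once its structure is taken into account, which is the gap a character-count policy does not see.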
Passwords in general have come under increasing fire by security pros, as some of the highest-profile breaches (LinkedIn, Nvidia) have been the result of password compromises or resulted in passwords (including encrypted ones) being made public.
Google's security team is looking into ways to avoid passwords altogether for logging into websites.