"Hammered asinine requirements": Now there’s a secure password
- 24 January, 2013 18:08
Youre best off forgetting your grammar lessons when it comes to creating passphrases, according to new research out of Carnegie Mellon University and MIT.
The researchers say that using grammar good or bad can clue in hackers about the words in a multi-word password. And theyve built an algorithm as a proof-of-concept to show it (The team, led by software engineering Ph.D. student Ashwini Rao of CMUs Institute for Software Research, will present its research at the Association for Computing Machinerys Conference on Data and Application Security and Privacy on Feb. 20 in San Antonio.).
The team tested its grammar-aware password cracking algorithm against 1,434 passwords containing 16 or more characters, and cracked 10% of the dataset via the algorithm.
We should not blindly rely on the number of words or characters in a password as a measure of its security, Rao said, in a statement.
The researchers say that while a password based on a phrase or short sentence can be easier for a user to remember, it also makes it simpler to crack because grammatical rules narrow word choices and structures (in other words, a passphrase with pronoun-verb-adjective-noun would be easier to crack than one made up of noun-verb-adjective).
The researchers found that Hammered asinine requirements, for instance, is harder to crack than even the longer and seemingly clever Th3r3 can only b3 #1!
Passwords in general have come under increasing fire by security pros, as some of the highest profile breaches (LinkedIn, Nvidia) have been the result of password compromises or resulted in passwords (including encrypted ones) being made public.
Googles security team is looking into ways to avoid passwords altogether for logging into websites.
Read more about wide area network in Network World's Wide Area Network section.
Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.
Why IT projects really fail
The enlightened CIO’s guide to running projects
Why IT projects really fail
Queensland government to provide 200 services online by 2015
Call Centers Suffer From Big Data Overload
Pathways Course Curriculum 2014
Developed by the CIO Executive Council, Pathways is a unique, flexible, self-managed, self-paced 12-month professional development program that brings together best practices, thought leadership and business insights for today’s most promising ICT professionals. Pathways is designed and delivered by leading local and global CIOs; enabling participants to capitalise on mentor CIOs personal experiences, expertise and knowledge.
The “Enterprisation” of Mobile Apps – Moving from Corporate Liability to Business Asset
Many companies have established mobility as a core strategic technology, deploying corporate liable devices and allowing personally liable devices to connect to their networks and back-office applications. Yet few companies have established a realistic strategy of how to make the apps being utilised by end users truly enterprise controlled, secured and managed. Download to find out more!
The Evolution and Value of Purpose-Built Backup Appliances
Customers today are still grappling with subpar backup performance as systems outstrip the allotted backup window time. Strategies for data protection and recovery continue to be dictated by aggressive SLAs, rapid recovery, and ease of integration in existing environments. As a result, firms have started to embrace more disk-based data protection technologies, including purpose-built backup appliances (PBBAs) to protect and recover data and applications. This white paper explores the measurable benefits of PBBA systems for customers, with a focus on the increased use and adoption patterns of both integrated and targeted systems.