Long security passwords may be yesterday's news

A new study from Carnegie Mellon University shows that the widely held belief that long passwords are safer may be unraveled by new hacking programs.

The assumption that a long, carefully crafted password will protect your devices against all hacking may soon be another Internet fallacy. Researcher Ashwini Rao of Carnegie Mellon University has found that the popular use of long passwords is not a particularly good choice for securing your data.

Instead, against all English teachers' better instincts, Rao says bad grammar is the way to go.

In a study entitled "Effect of Grammar on Security of Long Passwords," Rao and colleagues found that of the 1,500 users they studied, a full 18 percent chose easier-to-remember grammatical phrases, street addresses and URLs to create long passwords.

Although current popular password-cracking programs such as John the Ripper and Hashcat do not focus entirely on grammar in their algorithms, Rao warns that programs are becoming more sophisticated and would be able to more readily recognize "long sentence-like or phrase-like passwords such as 'abiggerbetterpassword' and 'thecommunistfairy.'"

In fact, the team developed its own "proof-of-concept grammar-aware cracking algorithm to improve the cracking efficiency of long passwords," according to the study, and was able to crack 10 percent of the passwords in its data that other programs could not crack.

Rao's password cracker specifically targeted grammatically correct turns of phrase that are so popular with users.

The study implies that shorter, randomized passwords containing numbers, characters and letters may be the best choice. Alternately, poor grammar, for once, may be your friend, with passwords such as "Forcewithyoumaybe" proving more impervious to cracking.
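The following added example (not code from the study or from this article) is a defender-side strength check that shows why a grammatical phrase carries far less entropy than its length suggests. The lexicon, the per-class vocabulary sizes and the list of grammatical templates are all constructed assumptions chosen for illustration.

```python
import math
from functools import lru_cache

# Constructed toy lexicon: word -> part-of-speech tag.
LEXICON = {
    "a": "DET", "the": "DET",
    "bigger": "ADJ", "better": "ADJ", "communist": "ADJ",
    "password": "NOUN", "fairy": "NOUN", "force": "NOUN",
    "with": "PREP", "you": "PRON", "maybe": "ADV",
}
# Assumed vocabulary size per tag (illustrative, not from the study).
CLASS_SIZE = {"DET": 20, "ADJ": 5000, "NOUN": 20000,
              "PREP": 70, "PRON": 40, "ADV": 2000}
# Assumed tag sequences that a grammar-aware guessing model would cover.
TEMPLATES = {("DET", "ADJ", "NOUN"), ("DET", "ADJ", "ADJ", "NOUN")}


def segment(password):
    """Split a password into the fewest lexicon words, or return None."""
    s = password.lower()

    @lru_cache(maxsize=None)
    def best(i):
        if i == len(s):
            return ()
        options = [(s[i:j],) + best(j)
                   for j in range(i + 1, len(s) + 1)
                   if s[i:j] in LEXICON and best(j) is not None]
        return min(options, key=len) if options else None

    words = best(0)
    return list(words) if words is not None else None


def charset_bits(password):
    """Bits if every character were an independent lowercase letter."""
    return len(password) * math.log2(26)


def grammar_bits(password):
    """Bits under the phrase model, or None if no template matches."""
    words = segment(password)
    tags = tuple(LEXICON[w] for w in words) if words else ()
    if tags not in TEMPLATES:
        return None
    return sum(math.log2(CLASS_SIZE[t]) for t in tags)
```

Under these assumed sizes, "thecommunistfairy" drops from about 80 bits by length to about 31 bits as a determiner-adjective-noun phrase. A `None` result only means the phrase does not fit the modelled templates, as with "Forcewithyoumaybe"; it does not mean the password resists word-based guessing in general.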
