The Bulletin

What makes a good password? Bad grammar.

Posting in Technology

Some of the passwords we use are downright embarrassing ("password" as your password, really?!). Despite the password being a flawed digital security tool, there are plenty of ways to create a strong, secure password. And now you can add bad grammar to that list.

One common password assumption is that longer passwords are better. The problem with the long password, however, is that users gravitate to something easier to remember (a phrase, for instance) that usually has good grammatical structure. But in a study by Ashwini Rao at Carnegie Mellon University, researchers developed an algorithm that could easily crack long passwords that made grammatical sense. "[W]hen users choose sentence-like or phrase-like passphrases, due to grammatical structures the search space and guessing effort will decrease," the study said. As New Scientist explains:

Rao's algorithm makes guesses by combining words and phrases from password-cracking databases into grammatically correct phrases. While other cracking programs make multiple guesses based on each word in a database, putting in "catscats" and "catsstac" as well as just the word "cats", none of the programs make the jump to combine multiple words or phrases in a way that makes grammatical sense, like "Ihave3cats", for instance.

Based on the algorithm, the researchers were able to crack 10 percent of the long passwords that couldn't be cracked by other well-known password-cracking algorithms.

And with machines that can now make 33 billion password guesses per second selling for less than $3,000, as the study points out, password security is even more important.

Bad grammar make good password, research say [New Scientist]

Photo: Flickr/Jonathan_W


— By on January 17, 2013, 5:43 AM PST

Tyler Falk

Contributing Editor

Tyler Falk is a freelance journalist based in Washington, D.C. Previously, he was with Smart Growth America and Grist. He holds a degree from Goshen College. Follow him on Twitter. Disclosure