Ashwini Rao and her colleagues at Carnegie Mellon University recently created an algorithm that is able to guess passwords by combining groups of words that make sense grammatically. With this algorithm, which used words and phrases from other password-cracking databases, they uncovered long passwords that stronger and more popular algorithms weren’t able to decipher. Rao and her team will present their findings at the Conference on Data and Application Security and Privacy, to be held next month in San Antonio.
What’s the Big Idea?
Several recent articles have encouraged people to change their passwords to something that wouldn’t be easily guessed by hackers. Long passwords are usually recommended, but the combinations of letters and numbers often suggested are hard to remember. The team’s findings suggest that incorrect grammar in a password phrase may not be a bad idea, since the algorithm works by combining words into groups that make sense grammatically. There is also a further caution to consider: “Other types of familiar structures like postal addresses, email addresses and URLs may also make for less secure passwords, even if they are long.”