[ISN] ‘Andyhave3cats’ is a better password than ‘Shehave3cats, ‘ study finds

https://www.computerworld.com/s/article/9236227/_Andyhave3cats_is_a_better_password_than_Shehave3cats_study_finds By Jaikumar Vijayan Computerworld January 25, 2013 Using a long phrase or a short sentence as a password may not be as secure as some security experts think. Researchers at Carnegie Mellon University’s Institute for Software Research have found that long passwords that incorporate grammar — good or bad — are easier to crack than short passwords without structure. The research team tested more than 1,400 passwords containing 16 or more characters against a grammar-aware password-cracking algorithm and found that grammatical structure can undermine security. Ashwini Rao, a Carnegie Mellon software engineering doctoral student and the lead researcher on the project, said that while phrases and sentences can make passwords easier to remember, their grammatical structure significantly narrows the possible word combinations and sequences that hackers — and their tools — need to guess. […] ______________________________________________ Visit the InfoSec News Security Bookstore Best Selling Security Books and More! http://www.shopinfosecnews.org