Bad Grammar Makes Good Passwords

Pets? Out. Dates belonging to you and your family? Out. Favorite sports team? Shouldn’t do it. Name of your pet, children, favorite milkman? Nope. Grammatical errors? Now you’re talking. It’s getting harder and harder to make a password that is both easy to remember and hard to crack. An algorithm developed by Ashwini Rao and colleagues at Carnegie Mellon University in Pittsburgh, Pennsylvania has no problem cracking even the longest of passwords when they form a whole phrase that makes grammatical sense, even if the phrase is used with symbols and numbers.

The algorithm makes guesses by combining words and phrases from password-cracking databases into grammatically correct phrases. Other programs make guesses based on each word in their database (“Dogs” to “Dogsdogs” and “Dogssgod”), but can’t do the grammatical math of combining multiple words in a way that makes sense, like “Ihave3dogs.”

A $3000 computer running appropriate algorithms can make 33 billion password guesses every second. In a paper due to be presented next month, the researchers suggest that other types of familiar structures like postal addresses, email addresses and URLs may also make for less secure passwords, even if they are long. Time to start making a lot of mistakes when you think of your password.
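To see why grammatical structure weakens a long password, the added example below (not code from the researchers or their paper) estimates how many candidates exist for a phrase once its part-of-speech template is known, compared with any word sequence of the same length. The lexicon, its sizes and the function names are constructed for illustration; the guess rate is the figure quoted above.

```python
import math

# Constructed toy lexicon (part of speech -> words); sizes are illustrative only.
LEXICON = {
    "PRON": ["i", "you", "we", "they"],
    "VERB": ["have", "like", "want", "see", "own", "feed"],
    "NUM": [str(n) for n in range(10)],
    "NOUN": ["dogs", "cats", "cars", "kids", "books", "birds", "fish", "bikes"],
}
WORD_TO_POS = {w: pos for pos, words in LEXICON.items() for w in words}
VOCAB_SIZE = len(WORD_TO_POS)
GUESSES_PER_SECOND = 33e9  # rate quoted in the article


def segment(password):
    """Greedy longest-match split into lexicon words; None if any part is unknown."""
    s, tokens, i = password.lower(), [], 0
    while i < len(s):
        for j in range(len(s), i, -1):
            if s[i:j] in WORD_TO_POS:
                tokens.append(s[i:j])
                i = j
                break
        else:  # no lexicon word starts at position i
            return None
    return tokens


def guess_space(password):
    """Compare candidate counts with and without the phrase's grammatical template."""
    tokens = segment(password)
    if tokens is None:
        return None  # outside this word/grammar model (e.g. a misspelling)
    template = [WORD_TO_POS[t] for t in tokens]
    structured = math.prod(len(LEXICON[pos]) for pos in template)
    unstructured = VOCAB_SIZE ** len(tokens)
    return {
        "template": template,
        "structured": structured,      # phrases that fit the template
        "unstructured": unstructured,  # any same-length word sequence
        "bits_saved": math.log2(unstructured / structured),
        "seconds_structured": structured / GUESSES_PER_SECOND,
    }


if __name__ == "__main__":
    for pw in ("Ihave3dogs", "Ihave3dogz"):
        print(pw, guess_space(pw))
```

A `None` result only means the password falls outside this toy model; it is not a strength verdict. With a realistic lexicon the absolute counts grow, but the template still removes the same kind of multiplicative factor.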