Slashdot Mirror


Bad Grammar Make Bestest Password, Research Say

An anonymous reader writes "NewScientist reports, 'Along with birthdays, names of pets and ascending number sequences, add one more thing to the list of password no-nos: good grammar.' Researchers from Carnegie Mellon University seem to have developed a password cracking algorithm that targets grammatically correct passwords. Can bad grammar really make your password secure?"

5 of 193 comments

  1. Re:My question is this: by eksith · · Score: 4, Insightful

    Easier than sanitizing correctly. Honestly, it's just laziness. There are also some places that actually send you the bloody password from the database when you enter an email (because that's also easier), instead of salt+hashing and just resetting it. And a Unicode password would cause issues in the carefully crafted HTML layout of the reset email. These are actual excuses I was given by a project manager. He doesn't work with us anymore.

    --
    If computers were people, I'd be a misanthrope.
  2. Re:Randomized passwords are the best by bp+m_i_k_e · · Score: 5, Insightful

    None of your phone numbers are changed every 30/60/90 days, while some of your passwords are.

  3. Re:My question is this: by CodeheadUK · · Score: 5, Insightful

    A paranoid colleague of mine composed passwords with a sprinkling of extended chars. He entered the whole thing on the numeric keypad with ALT held down.

    I've no idea what his password(s) were, but they caused quite a few badly written apps to explode in a spectacular shower of exceptions and unhandled input errors.

  4. Re:Corollary by jones_supa · · Score: 4, Insightful

    Entering wrong information for password reminders / security questions.

    My opinion is that password hints and security questions are really just a bad idea which websites should possibly stop using completely. They can easily ruin the whole security even if your password itself is robust.

  5. Re:Randomized passwords are the best by maxwells_deamon · · Score: 5, Insightful

    I don't have a different phone number for every person I call. People I call do not make up rules like my phone number must be at least x characters long, must have a special character in it, can not have a special character in it, must not begin with an upper case letter, must begin with a character, must begin with an emoticon ;-)
    and I don't know what other crap they are about to come up with...