Bad Grammar Make Bestest Password, Research Say

An anonymous reader writes "NewScientist reports, 'Along with birthdays, names of pets and ascending number sequences, add one more thing to the list of password no-nos: good grammar.' Researchers from Carnegie Mellon University seem to have developed a password cracking algorithm that targets grammatically correct passwords. Can bad grammar really make your password secure?"

Of coarse

[ArcadeMan]

Shekuritee bai aubskureeti.

Re:obvisouly

[Dexter+Herbivore]

I was going to post "frist!" but that's my password.

Article is very light on details

[parallel_prankster]

Are there infinite ways to screw grammar while creating password? I would think there are certain patterns in which people mis-use grammar. I would imagine though that at some point if every one started using bad grammar styles for constructing passwords, that those patterns would become identifiable and then someone would put together a password cracker that would deal with poor-grammar-filled passwords as well right? I couldn't find the exact paper to read but the example on the website "ihave3cats" seems to be a like a language thing that can be identified at some point by some urban dictionary reader!

Re:My question is this:

[eksith]

Easier than sanitizing correctly. Honestly, it's just laziness. There are also some places that actually send you the bloody password from the database when you enter an email (because that's also easier), instead of salt+hashing and just resetting it. And a unicode password would cause issues in the carefully crafted HTML layout of reset email. These are actual excuses I was given by a project manager. He doesn't work with us anymore.

Re:Randomized passwords are the best

[bp+m_i_k_e]

None of your phone numbers are changed every 30/60/90 days, while some of your passwords are.

Re:Randomized passwords are the best

[ArcadeMan]

I don't memorize phone numbers, I memorize the 3x4 grid pattern required to dial it.

Re:My question is this:

[CodeheadUK]

A paranoid colleague of mine composed passwords with a sprinkling of extended chars. He entered the whole thing on the numeric keypad with ALT held down.

I've no idea what his password(s) were, but they caused quite a few badly written apps to explode in a spectacular shower of exceptions and unhandled input errors.

Re:Corollary

[jones_supa]

Entering wrong infromation for password reminders / security questions.

My opinion is that password hints and security questions are really just a bad idea which websites should possibly stop to use completely. They can easily ruin the whole security even if your password itself is robust.

If Music Be The Food Of Love, Log In

[the+monolith]

Instead of using words, how about playing the keyboard as if it were a piano (or any other keyboard-like instrument)

Here is an example of a musical login: pvy89pvvv[890[]vv

For this example, position your right hand with the thumb on the 'v' key, then play the sequence as if they were notes, then listen to C.P.E. Bach - Minuet In G Major for what it should really sound like.

If you like impressive music, try: uppvyuvyyyyuyvvyuvyuppvyuvyyyyuyvvyuyv
Leo Arnaud - Buglers Dream

Re:Randomized passwords are the best

[maxwells_deamon]

I don't have a different phone number for every person I call. People I call do not make up rules like my phone number must be at least x characters long, must have a special character in it, can not have a special character in it, must not begin with an upper case letter, must begin with a character, must begin with an emoticon ;-)
and I don't know what other crap they are about to come up with...

Re:Randomized passwords are the best

[houghi]

Perhaps not mine, but all the women I meet have a new phone number within 24 hours.