London: The secret to finding more secure passwords could be straightforward - just don't use good grammar or spelling, scientists including an Indian-origin researcher have suggested. Ashwini Rao and colleagues at Carnegie Mellon University researched the current generation of password cracking systems and found that many people, on being asked to choose longer passwords, made them just as easy to guess.
"Use of long sentence-like or phrase-like passwords such as 'abiggerbetterpassword' and 'thecommunistfairy' is increasing," the researchers said in their paper. They said that other types of familiar structures like postal addresses, email addresses and uniform resource locators (URLs) may also make for less secure passwords, even if they are long, the Daily Mail reported.
Scientists said bad grammar can make a huge difference, as hackers are increasingly searching for passwords using correct grammar and spellings in 'brute force' attacks that simply run through combinations of words in a dictionary. Incorrect spelling and grammar can fool many of these attacks, the team found.
"Using an analytical model based on Parts-of-Speech tagging we show that the decrease in search space due to the presence of grammatical structures can be as high as 50 per cent," they said.
Researchers found that in general, asking users for longer passwords didn't work. "A significant result of our work is that the strength of long passwords does not increase uniformly with length," they said. The team also developed an algorithm to improve the cracking of long passwords. The study will be presented at the Conference on Data and Application Security and Privacy in San Antonio, Texas.