Is bad spelling the key to a good password?

English lesson

Research by PhD student Ashwini Rao at Carnegie Mellon University has revealed that the secret to a better password may be bad spelling and poor grammar. It's one in the eye for English teachers everywhere.

But how can you use it to your advantage?

Poor passwords

Everything in life requires a password nowadays - from accessing your bank account to reading your emails - so many of us struggle to remember them. As a consequence the majority of people opt for something simple and memorable. The trouble is that, as we reported last summer, it means a huge number of people opt for the same thing.

ESET, a Slovakian company, researched the most commonly hacked passwords, and found that the worst - and most commonly hacked - password was 123456, followed by 'password' and 'welcome'.

Better passwords

It means that we are having to look further afield, and according to Rao's report, more people are making a password by throwing together a sequence of words. She says that 18% of all internet users now take this approach. This, she says, could include passwords like 'abiggerbetterpassword' or 'thosedarnhackers'. This, she says, is a great development and a "promising user authentication mechanism."

However, she used common hacking tools and applied them to typical longer passwords, and discovered that while they were better than simple common passwords, they were still crackable. She highlighted that a longer password is not automatically harder to hack. She added that "postal addresses, email addresses and URLs present within long passwords" may also make them less secure.

Even better passwords

She noticed that a few things made them harder to crack. First was the presence of longer words within the string of words, and the second was the use of poor grammar.

The idea is that hacker technology will work on the assumption that you are using correct grammar when it makes its guesses, so you can fox it by getting things wrong. The same theory applies to poor spelling - which would confuse a hacking tool configured only to try words that are in the dictionary.

So how can you use this to your advantage?

As Rao says, a string of words is a better option than a single, guessable word. Any phrase is better than nothing, but something with a bit of poor spelling and bad grammar could help, with a few symbols thrown in for good measure.

This could be something like "Pineapplesi$nise" or "Exitingplan$isafoot". The only challenge will be to remember the phrase, where the symbols sit, and the deliberate mistakes.
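To see why a string of correctly spelled words is still guessable, here is a small checker a site could run when a user picks a password. It is an added example, not code from Rao's research or from this article; the word list is a constructed stand-in for a real dictionary, and the function names and labels are hypothetical.

```python
# Constructed sample data: a tiny word list standing in for a real dictionary,
# and the first entries of the common-password list from this article.
WORDS = {"a", "big", "bigger", "better", "password", "those", "darn",
         "hackers", "pineapples", "is", "nice", "exiting", "plan", "afoot"}
COMMON = {"password", "123456", "12345678", "abc123", "qwerty"}


def segment(text, words=WORDS):
    """Split text into dictionary words (fewest words wins); None if impossible."""
    text = text.lower()
    best = [None] * (len(text) + 1)   # best[i] = word list covering text[:i]
    best[0] = []
    for end in range(1, len(text) + 1):
        for start in range(end):
            piece = text[start:end]
            if best[start] is not None and piece in words:
                cand = best[start] + [piece]
                if best[end] is None or len(cand) < len(best[end]):
                    best[end] = cand
    return best[len(text)]


def assess(password):
    """Classify a candidate password (hypothetical labels for a policy check)."""
    if password.lower() in COMMON:
        return "common"
    if segment(password):
        return "dictionary-phrase"
    letters = "".join(c for c in password if c.isalpha())
    # Symbols alone do not help if the letters still split into real words.
    if letters != password and segment(letters):
        return "dictionary-phrase-with-symbols"
    return "not-in-wordlist"


if __name__ == "__main__":
    for pw in ["123456", "abiggerbetterpassword", "thosedarnhackers",
               "Pineapplesi$nise", "Exitingplan$isafoot"]:
        print(f"{pw:24} {assess(pw)}")
```

With this word list, "Pineapplesi$nise" is the only phrase that does not break down into dictionary words. "Exitingplan$isafoot" still does once the symbol is dropped, because "exiting" is itself a real word.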

But what do you think? Is your password secure? Let us know in the comments.

The most popular/worst passwords

1. password
2. 123456
3. 12345678
4. abc123
5. qwerty
6. monkey
7. letmein
8. dragon
9. 111111
10. baseball
11. iloveyou
12. trustno1
13. 1234567
14. sunshine
15. master
16. 123123
17. welcome
18. shadow
19. ashley
20. football
21. jesus
22. michael
23. ninja
24. mustang
25. password1