Grammatically Correct Passwords are More Prone to be Hacked

January 19, 2013, By Sanjeev Ramachandran

During the formative years of the web, passwords worked pretty well. This was due largely to how little data they actually needed to protect.

Our passwords were limited to a handful of applications: an ISP for email and maybe an e-commerce site or two. That is no longer the case.

We now use passwords for almost every site, and a recent study has shown that grammatically correct passwords are easier to crack than others.


Ashwini Rao and her colleagues at Carnegie Mellon University researched the current generation of password cracking systems.

They found that many people, on being asked to choose longer passwords, made them just as easy to guess, because they always chose a grammatically correct sentence like ‘i hate my job’ or ‘ilovemyfamily’. The researchers say that other types of familiar structures like postal addresses, email addresses and URLs may also make for less secure passwords, even if they are long.

They say bad grammar can make a huge difference, as hackers are increasingly searching for passwords using correct grammar and spelling in ‘brute force’ attacks that simply run through combinations of words in a dictionary. Incorrect spelling and grammar can fool many of these attacks, the team found.
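To make the point concrete, the following added example (not from the article or the Carnegie Mellon study) compares a naive per-character strength estimate with an estimate that assumes a guesser enumerates words by part of speech. The lexicon, the per-tag vocabulary sizes and the function names are constructed assumptions for illustration.

```python
import math

# Constructed toy lexicon: word -> part-of-speech tag (not from the study).
LEXICON = {
    "i": "PRON", "we": "PRON", "my": "DET", "the": "DET",
    "hate": "VERB", "love": "VERB", "go": "VERB", "sleep": "VERB",
    "job": "NOUN", "family": "NOUN", "car": "NOUN", "city": "NOUN",
}
# Assumed number of candidate words per tag in a guessing dictionary.
TAG_VOCAB = {"PRON": 30, "DET": 30, "VERB": 3000, "NOUN": 10000}

def segment(text):
    """Split text into lexicon words, with or without spaces; None if impossible."""
    text = text.replace(" ", "").lower()
    best = [None] * (len(text) + 1)   # best[i] = shortest word list covering text[:i]
    best[0] = []
    for end in range(1, len(text) + 1):
        for start in range(end):
            word = text[start:end]
            if best[start] is not None and word in LEXICON:
                cand = best[start] + [word]
                if best[end] is None or len(cand) < len(best[end]):
                    best[end] = cand
    return best[len(text)]

def charset_bits(password, alphabet=27):
    """Bits if every character were chosen independently (a-z plus space)."""
    return len(password) * math.log2(alphabet)

def structure_bits(password):
    """Bits if guesses follow the tag sequence; None if the model has no parse.
    Ignores the (small) cost of choosing among tag sequences."""
    words = segment(password)
    if words is None:
        return None
    return sum(math.log2(TAG_VOCAB[LEXICON[w]]) for w in words)

def report(password):
    s = structure_bits(password)
    shown = "no parse" if s is None else f"{s:.1f} bits"
    return f"{password!r}: charset {charset_bits(password):.1f} bits, structured {shown}"

if __name__ == "__main__":
    # Constructed sample inputs: two from the article, one deliberately misspelled.
    for pw in ("i hate my job", "ilovemyfamily", "i haet my jbo"):
        print(report(pw))
```

A "no parse" result only means this particular model does not cover the string; it is not evidence that the password is strong.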

So how can we create strong passwords? Here are some tips.

Use passwords of eight characters or more with mixed types of characters. For example, ‘go sleep at 10’ or ‘car_park_city?’.

Avoid using the same username/password combination for multiple websites. It is especially risky to use the same password for entertainment sites that you use for online email, social networking, and financial services.
