[…]there’s an Achilles’ heel in creating phrase-based passwords. It’s the fact that most English speakers will craft phrases that make sense.
Ashwini Rao and Gananand Kini at Carnegie Mellon and Birendra Jha at MIT have developed proof-of-concept password-cracking software that takes advantage of that weakness. It cracks long passwords, and beats existing cracking software, simply by following rules of English grammar.
“Using an analytical model based on parts-of-speech tagging, we show that the decrease in search space due to the presence of grammatical structures can be as high as 50 percent,” the researchers write in their paper.
Bad grammar makes for good passwords:
Instead, get creative. Try poor grammar and spelling, as in “de whippoorsnapper sashay sideway,” or get completely silly, as in “flipper flopper fliddle fladdle.”
It doesn’t matter how correct it is, as long as you can easily remember it.
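An added example, not code from the researchers or the quoted article, illustrating the search-space reduction described above: it tags a phrase against a small word list and compares how many candidate phrases exist when guesses must follow a grammatical tag sequence versus any word order. The word list, tags, templates and function names are all constructed assumptions.

```python
import math

# Constructed word list with part-of-speech tags (assumption; a real
# strength checker would use a full tagged dictionary).
WORDS = {
    "the": "DET", "a": "DET", "my": "DET",
    "quick": "ADJ", "lazy": "ADJ", "red": "ADJ",
    "dog": "NOUN", "fox": "NOUN", "car": "NOUN", "fence": "NOUN",
    "jumps": "VERB", "eats": "VERB", "sashay": "VERB",
    "over": "PREP", "under": "PREP",
    "sideway": "ADV", "quickly": "ADV",
}
# Constructed tag sequences standing in for "phrases that make sense".
TEMPLATES = {
    ("DET", "ADJ", "NOUN", "VERB"),
    ("DET", "NOUN", "VERB", "ADV"),
    ("DET", "NOUN", "VERB", "DET", "NOUN"),
}

def pos_sizes():
    """Number of known words per part-of-speech tag."""
    sizes = {}
    for tag in WORDS.values():
        sizes[tag] = sizes.get(tag, 0) + 1
    return sizes

def tag_phrase(phrase):
    """Tag each word; anything outside the word list becomes UNK."""
    return tuple(WORDS.get(w, "UNK") for w in phrase.lower().split())

def unconstrained_space(n_words):
    """Phrases of n words drawn from the list in any order."""
    return len(WORDS) ** n_words

def grammar_space(n_words):
    """Phrases of n words that fit one of the grammatical templates."""
    sizes = pos_sizes()
    return sum(math.prod(sizes[t] for t in tpl)
               for tpl in TEMPLATES if len(tpl) == n_words)

def assess(phrase):
    """Compare effective guess space (in bits) with and without grammar."""
    tags = tag_phrase(phrase)
    full = unconstrained_space(len(tags))
    grammatical = tags in TEMPLATES
    # Off-template phrases give a grammar-guided guesser no shortcut.
    space = grammar_space(len(tags)) if grammatical else full
    return {"tags": tags, "grammatical": grammatical,
            "bits": math.log2(space), "full_bits": math.log2(full)}
```

With this toy list, "the quick fox jumps" drops from about 16.4 bits to about 7.5 bits, while "de whippoorsnapper sashay sideway" matches no template and keeps at least the full word-list figure.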