Munged password
A munged password is a password created with common replacement strategies, such as replacing 'S' with '$' or '5'. This can be seen as an application of leet speak.
There is a perception that munged passwords are more secure, but modern password cracking tools include rules to account for character substitutions. Mungeing or leet speak has a minimal effect on password security when uncommon ("low-frequency") substitutions are used, but may decrease password security by providing a false sense of complexity.
"Munge" is sometimes backronymed as Modify Until Not Guessed Easily. The usage differs significantly from "mung" (Mash Until No Good), as munging implies destruction of data, whereas mungeing implies that the original data can be reconstructed.
Implementation
Adding a number and/or special character to a password might thwart some simple dictionary attacks. For example, the password "Butterfly" could be munged in the following ways:
| 8uttErfly | "B" gets replaced by 8, a similar-looking number, and "e" gets capitalized |
| Butt3rfl? | "e" gets replaced by 3, a similar-looking number, and "y" gets replaced by ? (y, as in "why?") |
| Bu2Terfly | 2 consecutive t's are replaced by "2T" (2 t's) |
| 8u2T3RfL? | A combination of all of the above |
The substitutions can be anything the user finds easy to remember, such as:
| a=@ or 4 |
| b=8 |
| c=( |
| d=6 |
| e=3 |
| f=# |
| g=9 |
| h=# |
| i=1 or ! |
| k=< |
| l=1 or i |
| o=0 |
| q=9 |
| r=2 or 12 |
| s=5, $, or z |
| t=+ or l |
| v=> or < |
| w=uu or 2u |
| x=% |
| y=? |
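Because the substitutions above are reversible, a password policy can undo them before checking a candidate against a list of common words. The following is an added example, not code from the original article: the function names and the four-word blocklist are assumptions made for illustration, and the "2T" rule from the Butterfly example is generalized to "2" followed by any letter.

```python
# Added example: a password-policy check, not code from the article.
# REVERSE inverts the article's substitution table: munged token -> plain letters.
REVERSE = {
    "@": "a", "4": "a", "8": "b", "(": "c", "6": "d", "3": "e", "#": "fh",
    "9": "gq", "1": "il", "!": "i", "<": "kv", "i": "l", "0": "o", "2": "r",
    "12": "r", "5": "s", "$": "s", "z": "s", "+": "t", "l": "t", ">": "v",
    "uu": "w", "2u": "w", "%": "x", "?": "y",
}

# Constructed sample blocklist; a real policy would load a large common-password list.
BLOCKLIST = ["butterfly", "password", "dragon", "welcome"]


def demunges_to(password, word):
    """Return True if `password` is a munged spelling of `word`."""
    pw, word = password.lower(), word.lower()
    seen = {(0, 0)}          # (characters of pw consumed, characters of word matched)
    frontier = [(0, 0)]
    while frontier:
        i, j = frontier.pop()
        for n in (1, 2):     # tokens in the table are one or two characters long
            tok = pw[i:i + n]
            if len(tok) < n:
                continue
            outs = set(REVERSE.get(tok, ""))   # every letter the token may stand for
            if n == 1:
                outs.add(tok)                  # the character may also be literal
            elif tok[0] == "2" and tok[1].isalpha():
                outs.add(tok[1] * 2)           # "2T" read as "tt" (2 t's)
            for out in outs:
                state = (i + n, j + len(out))
                if word.startswith(out, j) and state not in seen:
                    seen.add(state)
                    frontier.append(state)
    return (len(pw), len(word)) in seen


def find_base_word(password, blocklist=BLOCKLIST):
    """Return the blocklisted word that `password` reduces to, or None."""
    return next((w for w in blocklist if demunges_to(password, w)), None)


if __name__ == "__main__":
    for candidate in ["8uttErfly", "Butt3rfl?", "Bu2Terfly", "8u2T3RfL?", "x9$Lq7!vT"]:
        print(candidate, "->", find_base_word(candidate))
```

All four munged forms of "Butterfly" from the table reduce to the same blocklisted word, so a policy using this check would reject them just as it rejects the unmunged word.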