查看文章

Enterprise password policies require the use of complex passwords that contain lowercase and uppercase letters, numbers and symbols. Considering this common requirement, end-users tend to create complex (!) passwords containing certain patterns which make such passwords guessable and therefore insecure. Replacement pattern is one of these pattern-types and substitutes a number or symbol for a certain letter. As an example, the letter “o” is replaced with 0 (zero) and password becomes password. Even though passw0rd contains a number and is assumed a strong password, its replacement pattern can be misused to guess it successfully and crack it easily. In our research, we performed an automated analysis of ca. 14.5 million real-life leaked passwords to identify all possible replacement patterns. We identified 43 different replacement-types at the end of the analysis. These identified replacement …