Munged password
A munged password is a password created with common replacement strategies, such as replacing 'S' with '$' or '5'. This can be seen as an application of leet speak.
There is a perception that munged passwords are more secure, but modern password cracking tools include rules to account for character substitutions. Mungeing or leet speak has a minimal effect on password security when uncommon substitutions are used, but may decrease password security by providing a false sense of complexity.
"Munge" is sometimes backronymed as Modify Until Not Guessed Easily. The usage differs significantly from "mung", as munging implies destruction of data, whereas mungeing implies that the original data can be reconstructed.
Implementation
Adding a number and/or special character to a password might thwart some simple dictionary attacks. For example, the password "Butterfly" could be munged in the following ways:
| 8uttErfly | "B" gets replaced by 8, a similar looking number, and "e" gets capitalized |
| Butt3rfl? | "e" gets replaced by 3, a similar looking number, and "y" gets replaced by ? |
| Bu2Terfly | 2 consecutive t's are replaced by "2T" |
| 8u2T3RfL? | A combination of all of the above |
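As an added example (not part of the original article), a password-policy check can reverse these substitutions before consulting a blocklist, which shows why the munged variants in the table gain little. The blocklist and function names are constructed for illustration; the map uses only the replacements named on this page, with "2T" generalised to any doubled letter and appended digits or symbols stripped.

```python
import re

# Constructed sample blocklist; a real deployment would load a breached-password list.
BLOCKLIST = {"butterfly", "password", "sunshine"}

# Look-alike substitutions named on this page ('$' and '5' for S, and the table's
# 8 for B, 3 for e, ? for y), reversed so a munged character maps back to its letter.
LOOKALIKES = str.maketrans({"$": "s", "5": "s", "8": "b", "3": "e", "?": "y"})


def demunge(password):
    """Return the plain-word candidates a munged password may stand for."""
    lowered = password.lower()  # undo capitalisation such as "e" -> "E"
    # "2T" stands for two consecutive t's; generalised here to any letter (assumption).
    undoubled = re.sub(r"2([a-z])", r"\1\1", lowered)
    candidates = set()
    for text in (lowered, undoubled):
        mapped = text.translate(LOOKALIKES)
        candidates.update({text, mapped})
        # Also try each form with appended digits or special characters stripped.
        candidates.update(re.sub(r"[^a-z]+$", "", t) for t in (text, mapped))
    candidates.discard("")
    return candidates


def is_weak(password, blocklist=BLOCKLIST):
    """True if any de-munged candidate is a blocklisted word."""
    return not demunge(password).isdisjoint(blocklist)


if __name__ == "__main__":
    # The four munged forms from the table, plus a constructed random string.
    for pw in ["8uttErfly", "Butt3rfl?", "Bu2Terfly", "8u2T3RfL?", "vq7!Lm2xRd0#pK"]:
        print(f"{pw!r}: {'rejected' if is_weak(pw) else 'accepted'}")
```
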
The substitutions can be anything the user finds easy to remember, such as: