Leetspeak passwords – predictable and crackable
(Last updated on August 31, 2018)
Leetspeak is a form of modified English that replaces letters with ASCII characters and numbers. Hackers used leetspeak back in the 1980s to disguise their conversations, but now it’s a part of internet culture. Its widespread use has made it a staple of password creation, as it gives users a way to create easy-to-remember passwords. This is predominantly due to complexity rules requiring the use of numbers and symbols.
Leetspeak = weak passwords
Password complexity rules force users to create unique passwords that utilize the four character types: capital letters, lowercase letters, numbers, and symbols. It is all about randomizing the passwords and increasing the entropy. Since a random string of characters may not be so easy to remember, users resort to commonly used words or phrases, with character substitutions to satisfy the complexity requirements. For example, if forced to create a password with all four character types, users can circumvent security with the following: P4$$w0rd. Obviously, this is very predictable, even though it meets the policy requirements.
These passwords can be easily cracked using any number of available cracking applications, but they can also be guessed because of their predictability.
Banning bad behavior & passwords
Password complexity is believed to increase security, but it can also lead users to predictable patterns. As such, securing your organizational data requires passwords that are checked against:
- A password blacklist/leaked password list
- Common character substitutions
- Common keyboard patterns
With Specops Password Policy enabled, users cannot fall into vulnerable patterns. Specops Password Policy enables stronger passwords by ensuring that they are truly unique. Even with character complexity requirements enabled, Specops Password Policy can block leetspeak, keyboard patterns, and even old passwords with a number or symbol appended.
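The three checks listed above can be sketched as follows. This is an added example, not Specops code and not how Specops Password Policy is implemented; the blocklist, the substitution table and the function names are constructed assumptions.

```python
import itertools
import re

# Constructed sample blocklist; a real one would be a leaked-password list.
BLOCKLIST = {"password", "welcome", "letmein", "dragon"}

# Assumed substitution table (not exhaustive). Ambiguous symbols map to
# several letters, e.g. "1" may stand for "i" or "l".
LEET = {"4": "a", "@": "a", "8": "b", "3": "e", "6": "g", "9": "g",
        "1": "il", "!": "il", "|": "il", "0": "o", "5": "s", "$": "s",
        "7": "t", "+": "t", "2": "z"}

KEYBOARD_ROWS = ["1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm"]


def deleet_variants(password, limit=256):
    """Return the plain-letter readings of a password, capped at `limit`."""
    choices = [LEET.get(c, c) for c in password.lower()]
    combos = itertools.islice(itertools.product(*choices), limit)
    return {"".join(combo) for combo in combos}


def has_keyboard_run(password, run=4):
    """True if the password contains `run` adjacent keys from one row."""
    pw = password.lower()
    for row in KEYBOARD_ROWS:
        for seq in (row, row[::-1]):  # left-to-right and right-to-left
            if any(seq[i:i + run] in pw for i in range(len(seq) - run + 1)):
                return True
    return False


def check_password(password):
    """Return the reasons to reject a password; an empty list means none."""
    reasons = []
    # Also test the password with an appended number/symbol tail removed.
    base = re.sub(r"[^A-Za-z]+$", "", password)
    hits = sorted((deleet_variants(password) | deleet_variants(base)) & BLOCKLIST)
    if hits:
        reasons.append("blocklisted word: " + hits[0])
    if has_keyboard_run(password):
        reasons.append("keyboard pattern")
    return reasons


if __name__ == "__main__":
    for pw in ["P4$$w0rd", "Dr4g0n2018!", "Qwerty123!", "vK9#tq2Lm"]:
        print(pw, "->", check_password(pw) or "no rule fired")
```

All four sample passwords satisfy a four-character-type complexity rule, yet only the last one passes these checks.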