Munged password

A munged password (pronounced /ˈmʌndʒd/) refers to the practice of creating a password with common replacement strategies^[1] such as replacing 'S' with '$' or '5'. This can be seen as an application of leet speak.

There is a perception that munged passwords are more secure, but modern password cracking tools include rules to account for character substitutions.^[2] Mungeing or leet speak has a minimal effect on password security when uncommon ("low-frequency") substitutions are used, but may decrease password security by providing a false sense of complexity.^[3]^[4]

"Munge" is sometimes backronymmed as Modify Until Not Guessed Easily.^[1] The usage differs significantly from "mung" (Mash Until No Good), as munging implies destruction of data, whereas mungeing implies that the original data can be reconstructed.

Implementation

Adding a number and/or special character to a password might thwart some simple dictionary attacks. For example, the password "Butterfly" could be munged in the following ways:

8uttErfly	"B" gets replaced by 8, a similar looking number, and "e" gets capitalized
Butt3rfl?	"e" gets replaced by 3, a similar looking number, and "y" gets replaced by ? (y, as in "why?")
Bu2Terfly	2 consecutive t's are replaced by "2T" (2 t's)
8u2T3RfL?	A combination of all of the above

The substitutions can be anything the user finds easy to remember, such as:

a=@ or 4
b=8
c=(
d=6
e=3
f=#
g=9
h=#
i=1 or !
k=<
l=1 or i
o=0
q=9
r=2 or 12
s=5, $, or z
t=+ or l
v=> or <
w=uu or 2u
x=%
y=?

References

^ ^a ^b Singh Walia, Kanwardeep; Shenoy, Shweta; Cheng, Yuan (August 2020). An Empirical Analysis on the Usability and Security of Passwords. 2020 IEEE 21st International Conference. IEEE. pp. 1–8. doi:10.1109/IRI49571.2020.00009. ISBN 978-1-7281-1054-7.
^ "leetspeak.rule". GitHub. 2015-12-04. Retrieved 2025-05-02.
^ Medhansh Garg (2022-10-14). "Evaluation of Leet Speak on Password Strength and Security". International Journal of Scientific Research in Science and Technology: 410–422. doi:10.32628/IJSRST229567. ISSN 2395-602X.
^ Li, Wanda; Zeng, Jianping. "Leet Usage and Its Effect on Password Security" (PDF). Retrieved 2025-05-02.

External links

Jargon File entry for munge

[:0-1] Singh Walia, Kanwardeep; Shenoy, Shweta; Cheng, Yuan (August 2020). An Empirical Analysis on the Usability and Security of Passwords. 2020 IEEE 21st International Conference. IEEE. pp. 1–8. doi:10.1109/IRI49571.2020.00009. ISBN 978-1-7281-1054-7.

[2] "leetspeak.rule". GitHub. 2015-12-04. Retrieved 2025-05-02.

[3] Medhansh Garg (2022-10-14). "Evaluation of Leet Speak on Password Strength and Security". International Journal of Scientific Research in Science and Technology: 410–422. doi:10.32628/IJSRST229567. ISSN 2395-602X.

[4] Li, Wanda; Zeng, Jianping. "Leet Usage and Its Effect on Password Security" (PDF). Retrieved 2025-05-02.

[1]

[2]

[3]

[4]

Implementation

See also

References

External links