Password Replacement Patterns

2018 5TH INTERNATIONAL CONFERENCE ON CONTROL, DECISION AND INFORMATION TECHNOLOGIES (CODIT)(2018)

Abstract
Enterprise password policies require the use of complex passwords that contain lowercase and uppercase letters, numbers and symbols. Given this common requirement, end-users tend to create complex (!) passwords containing certain patterns, which make such passwords guessable and therefore insecure. The replacement pattern is one of these pattern types: it substitutes a number or symbol for a certain letter. As an example, the letter "o" is replaced with 0 (zero) and password becomes passw0rd. Even though passw0rd contains a number and is assumed to be a strong password, its replacement pattern can be misused to guess it successfully and crack it easily. In our research, we performed an automated analysis of ca. 14.5 million real-life leaked passwords to identify all possible replacement patterns. We identified 43 different replacement types at the end of the analysis. These identified replacement patterns can be utilized to improve dictionary attacks, especially for forensic investigations. In this paper, we explain in detail our methodology for identifying replacement patterns, all possible replacement types with their examples, the Top 5 replacement patterns with examples, and the elimination of false-positive cases.
Keywords
password replacement patterns,enterprise password policies,password analysis,dictionary-attacks,forensic investigations,authentication,information security
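An added example, not taken from the paper: a password-policy check that reverses replacement patterns before consulting a blocklist, so that passw0rd is rejected just like password, and reports which replacements it found. Only the "o" to 0 substitution comes from the abstract; the other table entries, the sample blocklist and the function names are assumptions made for illustration.

```python
from itertools import product

# Assumed substitution table (substitute -> letters it may stand for).
# Only "0" for "o" comes from the abstract; the rest are common
# illustrative choices, not the paper's 43 replacement types.
REVERSE = {
    "0": "o", "1": "il", "3": "e", "4": "a", "5": "s",
    "7": "t", "@": "a", "$": "s", "!": "i",
}

# Constructed sample blocklist; a real deployment would load a large one.
BLOCKLIST = {"password", "welcome", "letmein", "football"}

MAX_CANDIDATES = 4096  # bound the work on digit- or symbol-heavy input


def find_replacements(password, blocklist=BLOCKLIST):
    """Return (base_word, [(position, letter, substitute), ...]) when the
    password is a blocklisted word with replacements applied, else None."""
    lowered = password.lower()
    # Each position may be the literal character or any letter it can replace.
    options = [c + REVERSE.get(c, "") for c in lowered]
    total = 1
    for opt in options:
        total *= len(opt)
        if total > MAX_CANDIDATES:
            return None  # too many readings to enumerate; treated as no match
    for combo in product(*options):
        word = "".join(combo)
        if word in blocklist:
            subs = [(i, new, old)
                    for i, (old, new) in enumerate(zip(lowered, combo))
                    if old != new]
            return word, subs
    return None


def policy_accepts(password, blocklist=BLOCKLIST):
    """Reject any password that reduces to a blocklisted word."""
    return find_replacements(password, blocklist) is None
```

A substitute such as 1 can stand for more than one letter, which is why every reading is enumerated instead of applying a single fixed translation.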