Smart Password Mutations Explained

April 15th, 2009 by Katerina Korolkova, PR Director

Strong passwords are mutated passwords. Everyone who publishes recommendations on creating secure passwords says that you have to use both upper- and lower-case letters and inject some tricky special characters. Such recommendations may result in p@$$words and pAsswOrds, and p_a_s_s_w_o_r_d_s. The fact is that modern password recovery software uses dictionary attacks to get one’s password back. A dictionary attack means searching lists of dictionary words and common phrases that can be found on the Internet or are delivered with the software. It is easy to grasp that dictionary words and word phrases make bad passwords, but one has to understand that adding special characters to these words and phrases doesn’t do them any good. Such passwords can be easily cracked when the smart mutations option is on.

Here is a rundown of the word mutations implemented by modern password cracking tools, so that you can create really strong passwords for your files and accounts.

  • Case mutations: the program checks all variations of uppercase/lowercase letters for any character in a password.
  • Order mutations: character order is reversed (e.g. password becomes drowssap), a word is repeated several times (passwordpassword), or the reversed word is added to the normal one (passworddrowssap).
  • Vowels mutations: vowels can be omitted (psswrd) or have their case changed (pAsswOrd, PaSSWord).
  • Strip mutations: one character is removed, as in assword or pssword.
  • Swap mutations: characters swap and change places (e.g. psasword).
  • Duplicate mutations: some characters are duplicated (ppassword, paassword).

Now digits and special characters come into play:

  • Digit mutations: digits are added at the beginning or at the end of a word (1password, password2).
  • Year mutations: year is added to the end of a word (password2009).
  • Border mutations: commonly used combinations of digits and special symbols can be added at the end or at the beginning, or both (password123, #password#, password007).
  • Delimiter mutations: delimiters are added between characters (e.g. p.a.s.s.w.o.r.d, p-a-s-s-w-o-r-d).
  • Freak mutations: letters are replaced with similar-looking special symbols, as in p@ssw0rd or p@$$word.
  • Abbreviation mutations: common abbreviations are used as substitutes for words (Umean2secure4hackers).

Now, if you need a strong password, outsmart the smart mutations!!
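
To test a password against the list above, here is an added example (not ElcomSoft's code): a defender-side check that undoes the listed mutations and reports whether a candidate reduces to a dictionary word. The word list, the look-alike table and all function names are assumptions made for illustration; abbreviation mutations are not covered.

```python
import re

# Constructed sample word list; a real check would load a full dictionary.
WORDS = ("dragon", "kitty", "password")
# Partial look-alike table for undoing "freak" mutations (an assumption).
LOOKALIKES = str.maketrans({"@": "a", "$": "s", "0": "o", "1": "l", "3": "e", "!": "i"})

def strip_vowels(s):
    return re.sub(r"[aeiou]", "", s)

def deletions(s):
    """Strings made by removing exactly one character from s."""
    return {s[:i] + s[i + 1:] for i in range(len(s))}

def swaps(s):
    """Strings made by swapping two adjacent characters of s."""
    return {s[:i] + s[i + 1] + s[i] + s[i + 2:] for i in range(len(s) - 1)}

def duplicates(s):
    """Strings made by doubling exactly one character of s."""
    return {s[:i] + s[i] + s[i:] for i in range(len(s))}

def core_forms(candidate):
    """Undo case, digit/year/border, freak and delimiter mutations, in that order."""
    s = re.sub(r"^[^a-z]+|[^a-z]+$", "", candidate.lower())
    forms = []
    for t in (s.translate(LOOKALIKES), s):
        forms += [t, re.sub(r"[^a-z]", "", t)]
    return [f for f in forms if f]

def find_base_word(candidate, words=WORDS):
    """Return (word, mutation) if candidate reduces to a dictionary word, else None."""
    for form in core_forms(candidate):
        for w in words:
            checks = (
                ("case/digit/border/delimiter/freak", form == w),
                ("order", form in (w[::-1], w + w, w + w[::-1])),
                ("vowels", form == strip_vowels(w)),
                ("strip", form in deletions(w)),
                ("swap", form in swaps(w)),
                ("duplicate", form in duplicates(w)),
            )
            for name, hit in checks:
                if hit:
                    return w, name
    return None
```

A result of `None` only means the candidate is not a single listed mutation of a word in this list; it says nothing about words the list lacks.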



2 Responses to “Smart Password Mutations Explained”

  1. KARPOLAN says:

    Never use cat’s name as a password!

    But, I don’t care… $4F&KiTtY%3!5+5*5 is great name for the pet :)

    BTW, do you have dictionary for this: <tKtTn-GfHeC-jLbYjRbQ?

  2. BTW, do you have dictionary for this: <tKtTn-GfHeC-jLbYjRbQ?

    We’ve added it, change the password :)
