An investigation of the security of passwords derived from African languages

An investigation of the security of passwords derived from African languages

There have been several studies on country based passwords by authors but there has been a lack of focused study on the type of passwords that are being created in Africa and whether there are benefits in creating passwords in an African language.For this research, password databases containing LAN Manager and NT LAN Manager hashes extracted from South African organisations, were obtained to gain an understanding of user behaviour in creating passwords. Analysis of the passwords obtained from these hashes showed that many organisational passwords are based on the English language. This is understandable considering that the business language in South Africa is English even though South Africa has official 11 languages. African language based passwords were derived from known English weak passwords and some of the passwords were appended with numbers and special characters. The African based passwords were then uploaded to the Internet to test the security around using passwords based on African languages.Most of the passwords were able to be cracked by third-party researchers, we conclude that any password that is derived from known weak English words marked no improvement in the security of a password written in an African language,especially the more widely spoken languages.

Presented by