It can lead to the creation of secure passwords that are easy to remember,[2] although they are still susceptible to brute-force guessing.
Passwords can often be found on sticky notes under keyboards, behind pictures, or hidden among other desktop items—another security risk.
For example, the password "Butterfly" could be munged in the following ways:
The substitutions can be anything the user finds easy to remember, and which may increase an attacker's difficulties, such as:
For high-security applications, mungeing may not be very effective, because it only adds 2–3 bits of entropy, thus increasing the time needed to perform a brute-force dictionary attack by a factor of 4–8.
The increase in search space obtained by mungeing a few characters of a known word is easily matched by the continuous increase in processing power (more or less equivalent to "cracking speed") that computers have experienced for some decades as a result of Moore's Law. For some applications this can be countered by limiting password attempts to either one per few seconds or 5 per longer period of time, usually five minutes to one hour.
As a rule of thumb, use of single well-known words, including after commonly used munged substitutions, should be avoided.
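The rule of thumb above can be enforced at password-set time by undoing common substitutions before the dictionary check. The following is an added example, not part of the original article; the substitution table `SUBS` and the tiny `WORDLIST` are constructed for illustration, and the bit count assumes an attacker who knows the table and treats every choice as equally likely.

```python
import math

# Constructed substitution table (assumption, not the article's own list):
# plain letter -> characters a user might swap in for it.
SUBS = {"a": "@4", "e": "3", "i": "1!", "o": "0", "s": "$5", "t": "7"}

# Reverse lookup: substituted character -> plain letter.
REVERSE = {alt: plain for plain, alts in SUBS.items() for alt in alts}

# Constructed stand-in for a real dictionary or breached-password list.
WORDLIST = {"butterfly", "password", "dragon"}


def demunge(candidate: str) -> str:
    """Fold case and undo the substitutions listed in SUBS."""
    return "".join(REVERSE.get(ch, ch) for ch in candidate.lower())


def is_munged_dictionary_word(candidate: str) -> bool:
    """True if the candidate collapses to a single well-known word."""
    return demunge(candidate) in WORDLIST


def variant_count(word: str) -> int:
    """Number of spellings of `word` reachable with SUBS (case ignored).

    Each letter contributes (1 + number of alternatives) choices.
    """
    total = 1
    for ch in word.lower():
        total *= 1 + len(SUBS.get(ch, ""))
    return total


def added_bits(word: str) -> float:
    """Extra search effort, in bits, that munging adds for this word."""
    return math.log2(variant_count(word))


if __name__ == "__main__":
    for pw in ("Bu773rfly", "P@$$w0rd", "correcthorsebattery"):
        verdict = "reject" if is_munged_dictionary_word(pw) else "accept"
        print(f"{pw!r}: {verdict}")
    print("butterfly variants:", variant_count("butterfly"),
          "=> added bits:", added_bits("butterfly"))
```

With this table "butterfly" has only three substitutable letters, so munging multiplies the dictionary search by 8, which is the upper end of the 4–8 factor stated above.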