Often times an enterprise implements password administration for its online resources via the use of a dictionary. That is, the dictionary is used to detect when a user is trying to create a password having a common word in it that may be perceived as being more susceptible to being compromised by an intruder.
These dictionaries are generally not domain specific. For example, employees at a gardening store are more likely to use words such as “wisteria,” “deciduous,” and/or “perennial” than employees that work in a shipping yard.
Thus, a hacker, who is trying to attack a password-based system and who understands the enterprise that he/she is attacking, stands a much better chance of success by using domain-specific terminology in the attempts to generate passwords for access.
It may also be the case that a close knit set of employees all share a common interest with one another or common extracurricular activities. Such that, if one employee became hostile and lost his/her job, then that particular employee would likely understand the terminology the employees used with one another and would likely stand a decent chance of cracking a password for one of the employees that remain with the enterprise. This is so, because users have a tendency to make passwords words or phrases that are some how meaningful to them and their lives. This makes it easier for a user to remember his/her password but also creates a security loop hole that savvy hackers can take advantage of.
Thus, what is needed is a mechanism, which permits dynamic generation and management of password dictionaries.