Contemporary Engineering Sciences, Vol. 8, 2015, no. 9, 367 - 374 HIKARI Ltd, www.m-hikari.com http://dx.doi.org/10.12988/ces.2015.5252 An Analysis of CFG Password Against Brute Force Attack for Web Applications S. Vaithyasubramanian Sathyabama University, Chennai, India A. Christy Sathyabama University, Chennai, India Copyright © 2015 S. Vaithyasubramanian and A. Christy. This is an open access article distributed under the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited. Abstract In this paper, we report on a study of brute force attack on CFG passwords. Alphanumeric Passwords are the common and usual mode of authentication for a range of online login. Human proclivities in creating Password draw hackers and enthusiastic Password Crackers to crack down password easily using various techniques, with accessible computing power and available large number of tools. Common attacks on passwords are Brute force attack, Dictionary attack and Hybrid attack. A new method of Alphanumeric Password Authentication for user login is “CFG Password”. Context free Grammar Passwords are a class of Alphanumeric Password which differs uniquely from random passwords with certain specifications. CFG passwords are created using the model of the Context Free Grammar. This technique can be used as authentication for web applications. Analysis on CFG Password against Brute force attack is carried out using two open source tools. Comparative analysis has been carried out, based on that suggestions are given to create strong CFG Password for Secured System and where, how it can be used. Keywords – Password Authentication; Information Security; Alphanumeric Password; CFG Password; Brute force Attack 1 Introduction Passwords have been used for the purpose of authentication since Roman Periods.