Password Strength

  • Published : February 3, 2013
A password is a secret word or string of characters that is used for user authentication to prove identity, or for access approval to gain access to a resource (for example, an access code is a type of password). The password should be kept secret from those not allowed access. The use of passwords is known to be ancient. Sentries would challenge those wishing to enter an area or approaching it to supply a password or watchword, and would only allow a person or group to pass if they knew the password. In modern times, user names and passwords are commonly used by people during a login process that controls access to protected computer operating systems, mobile phones, cable TV decoders, automated teller machines (ATMs), etc. A typical computer user has passwords for many purposes: logging in to accounts, retrieving e-mail, accessing applications, databases, networks, web sites, and even reading the morning newspaper online.

Despite the name, there is no need for passwords to be actual words; indeed, passwords which are not actual words may be harder to guess, a desirable property. Some passwords are formed from multiple words and may more accurately be called a passphrase. The term passcode is sometimes used when the secret information is purely numeric, such as the personal identification number (PIN) commonly used for ATM access. Passwords are generally short enough to be easily memorized and typed. Most organizations specify a password policy that sets requirements for the composition and usage of passwords, typically dictating minimum length, required categories (e.g. upper and lower case, numbers, and special characters), and prohibited elements (e.g. own name, D.O.B., address, telephone number). Some governments have national authentication frameworks[1] that define requirements for user authentication to government services, including requirements for passwords.
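
The three policy elements named above (minimum length, required categories, prohibited personal elements) can be enforced as follows. This is an added example, not part of the original article; the minimum length of 12, the function names, and the sample user data are assumptions chosen for illustration.

```python
import re
from datetime import date

# Assumed policy values (not from the article): minimum length and required categories.
MIN_LENGTH = 12
CATEGORIES = {
    "lowercase": re.compile(r"[a-z]"),
    "uppercase": re.compile(r"[A-Z]"),
    "digit": re.compile(r"[0-9]"),
    "special": re.compile(r"[^A-Za-z0-9]"),
}

def personal_tokens(name: str, dob: date, phone: str) -> set[str]:
    """Build lowercase strings derived from the user's own data that a password must not contain."""
    tokens = {part.lower() for part in name.split() if len(part) >= 3}
    # Date of birth in the digit layouts people commonly type.
    for fmt in ("%d%m%Y", "%m%d%Y", "%Y%m%d", "%d%m%y", "%m%d%y", "%Y"):
        tokens.add(dob.strftime(fmt))
    digits = re.sub(r"\D", "", phone)
    if len(digits) >= 4:
        tokens.update({digits, digits[-4:]})
    return tokens

def check_password(password: str, name: str, dob: date, phone: str) -> list[str]:
    """Return a list of policy violations; an empty list means the password passes."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    for label, pattern in CATEGORIES.items():
        if not pattern.search(password):
            problems.append(f"missing {label} character")
    # Compare on letters and digits only, so "D.o.e" or "19-04-1985" does not slip through.
    squeezed = re.sub(r"[^a-z0-9]", "", password.lower())
    for token in sorted(personal_tokens(name, dob, phone)):
        if token in squeezed:
            problems.append(f"contains personal data: {token}")
    return problems
```
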

Memorization and guessing

The easier a password is for the owner to remember, the easier it will generally be for an attacker to guess.[2] Passwords which are difficult to remember will reduce the security of a system because (a) users might need to write down or electronically store the password, (b) users will need frequent password resets and (c) users are more likely to re-use the same password. Similarly, the more stringent the requirements for password strength, e.g. "have a mix of uppercase and lowercase letters and digits" or "change it monthly", the greater the degree to which users will subvert the system.[3] In The Memorability and Security of Passwords,[4] Jeff Yan et al. examine the effect of advice given to users about a good choice of password. They found that passwords based on thinking of a phrase and taking the first letter of each word are just as memorable as naively selected passwords, and just as hard to crack as randomly generated passwords. Combining two unrelated words is another good method. Having a personally designed "algorithm" for generating obscure passwords is another good method. However, asking users to remember a password consisting of a "mix of uppercase and lowercase characters" is similar to asking them to...