Web Privacy Wiki

Overview

A password is a string of characters used to unlock or log in to a specific application or account. The wider the variety of characters used, the stronger the password generally is.

The use of passwords is known to be ancient. Sentries would challenge those wishing to enter an area or approaching it to supply a password or watchword, and would only allow a person or group to pass if they knew the password. In modern times, usernames and passwords are commonly used by people during a login process that controls access to protected computer operating systems, mobile phones, cable TV decoders, automated teller machines (ATMs), etc. A typical computer user has passwords for many purposes: logging into accounts, retrieving e-mail, accessing applications, databases, networks, web sites, and even reading the morning newspaper online. A leaked password is usually the main reason why things like identity theft occur in today's society.[1]

Password Strength

Password strength is a measure of the effectiveness of a password in resisting guessing and brute-force attacks. In its usual form, it estimates how many trials an attacker who does not have direct access to the password would need, on average, to guess it correctly. The strength of a password is a function of length, complexity, and unpredictability.[1]

Using strong passwords lowers the overall risk of a security breach, but strong passwords do not replace the need for other effective security controls. The effectiveness of a password of a given strength is strongly determined by the design and implementation of the authentication factors (knowledge, ownership, inherence). The first factor is the main focus of this article.

The rate at which an attacker can submit guessed passwords to the system is a key factor in determining system security. Some systems impose a time-out of several seconds after a small number (e.g. three) of failed password entry attempts. In the absence of other vulnerabilities, such systems can be effectively secured with relatively simple passwords. However, the system must store information about the user passwords in some form, and if that information is stolen, say by breaching system security, the user passwords can be at risk.

Guidelines for strong passwords

Guidelines for choosing good passwords are typically designed to make passwords less easily discovered by intelligent guessing. Common guidelines advocated by proponents of software system security include:

  • Use a minimum password length of 12 to 14 characters if permitted.
  • Include lowercase and uppercase alphabetic characters, numbers and symbols if permitted.
  • Generate passwords randomly where feasible.
  • Avoid using the same password twice (e.g., across multiple user accounts and/or software systems).
  • Avoid character repetition, keyboard patterns, dictionary words, letter or number sequences, usernames, relative or pet names, romantic links (current or past) and biographical information (e.g., ID numbers, ancestors' names or dates).
  • Avoid using information that is or might become publicly associated with the user or the account.
  • Avoid using information that the user's colleagues and/or acquaintances might know to be associated with the user.
  • Do not use passwords which consist wholly of any simple combination of the aforementioned weak components.

Some guidelines advise against writing passwords down, while others, noting the large number of password-protected systems that users must access, encourage writing down passwords as long as the written password lists are kept in a safe place, not attached to a monitor or in an unlocked desk drawer.

The possible character set for a password can be constrained by different web sites or by the range of keyboards on which the password must be entered.[2]
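The guidelines above can be turned into a small generator and strength estimate. This is an added example, not part of the original article: the symbol set and the two guess rates in the demo are assumptions, and the entropy figure only applies to passwords generated uniformly at random like this, not to ones a person makes up.

```python
import math
import secrets
import string

# Character classes named in the guidelines above.
CLASSES = {
    "lower": string.ascii_lowercase,
    "upper": string.ascii_uppercase,
    "digit": string.digits,
    "symbol": "!#$%&()*+-=?@[]^_{}~",  # constructed sample; sites differ in what they permit
}

def generate_password(length=14, allowed=("lower", "upper", "digit", "symbol")):
    """Return a random password containing every class the site permits."""
    if length < 12:
        raise ValueError("guideline minimum is 12 characters")
    if not allowed or set(allowed) - set(CLASSES):
        raise ValueError("allowed must name one or more of: " + ", ".join(CLASSES))
    alphabet = "".join(CLASSES[name] for name in allowed)
    while True:
        # secrets draws from the OS CSPRNG; the random module is predictable.
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        # Rejecting and redrawing keeps the result uniform over all passwords
        # that contain at least one character from each permitted class.
        if all(any(c in CLASSES[name] for c in candidate) for name in allowed):
            return candidate

def entropy_bits(length, alphabet_size):
    """Upper bound on entropy; holds only for uniformly random passwords."""
    return length * math.log2(alphabet_size)

def average_guesses(length, alphabet_size):
    """Average trials when enumerating the whole space: about half of it."""
    return alphabet_size ** length // 2

def years_to_guess(length, alphabet_size, guesses_per_second):
    """Average years to guess at the given rate (the rate is the caller's assumption)."""
    return average_guesses(length, alphabet_size) / guesses_per_second / (365 * 24 * 3600)

if __name__ == "__main__":
    size = sum(len(chars) for chars in CLASSES.values())
    print(generate_password(14))
    print(f"{entropy_bits(14, size):.1f} bits of entropy")
    # Assumed rates: a login form with time-outs vs. offline guessing on stolen data.
    print(f"online, 1 guess/s:     {years_to_guess(14, size, 1):.2e} years")
    print(f"offline, 1e10 guess/s: {years_to_guess(14, size, 1e10):.2e} years")
```

The gap between the two printed times is the point made under Password Strength: a time-out on failed logins limits the guess rate only while the stored password information has not been stolen.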

[Image: Password Requirements. A typical website when creating a new password.]


Summary

Passwords are a scary subject. The way you determine yours is completely up to you, and it can have long-lasting implications for your life if you do not take the creation process seriously. Keep the topics discussed on this page in mind when creating yours and all should work out in the end. It is recommended to use this page (https://howsecureismypassword.net) to check whether your password is secure.

  1. Password. (n.d.). Retrieved April 1, 2015, from http://en.wikipedia.org/wiki/Password
  2. Password strength. (n.d.). Retrieved April 1, 2015, from http://en.wikipedia.org/wiki/Password_strength