The Password reference article from the English Wikipedia on 24-Apr-2004 (provided by Fixed Reference: snapshots of Wikipedia from wikipedia.org)

Password

A password is a common means of access control which uses a secret sequence (typically a word, hence the name). Passwords are commonly used for access control on computer systems, although they have been used to control access to a variety of things (eg, protected locations, battle lines, office buildings, activation of launch controls, ...) and continue to be so used.

In a computer security system, a user (either a real human at a keyboard, or an automated computer program) attempts to access a restricted resource, such as a file or process. The user is asked to supply a password as a means of identification. If the password provided matches what the system has stored for that user, the user is permitted access by the security system (usually a part of the operating system). Access may be to certain directories and files, certain executables, certain times, or amounts of resources (such as computer CPU time, or disk storage space). Success implies that the user is who they claim to be, since no one else should have knowledge of the password.

Examples include logons to computer systems such as email servers, or Illya Kuryakin proving his identity to the U.N.C.L.E security door with a code word, or a personal_identification_number (PIN) at a bank cash machine.

Despite the name, there is no need for passwords to be actual words; indeed passwords which are not actual words are harder to guess (a very desirable trait). Note that password is often used to describe what would be more accurately called a pass phrase. Passcode is sometimes taken to imply that the information used is purely numeric, such as the PIN commonly used for ATM access.

Passwords are sometimes shared by the members of a group who are all intended to have the same access to the computer system. However, it is preferable for each user to have his own individual password since the more people (or programs) who know a password, the higher the chance that the password will become known to others. Individual passwords allow Alice, who has left the group, to be removed from it, thus losing the access which was 'ex officio' her group membership. This is a simple example of the often subtle problems with access control, including passwords. It is often surprisingly difficult to match real world policy issues and concerns (eg, joining or leaving a group) with the access control mechanism(s).

Factors in the security of a password system

The security of a password protected system depends on several factors, all of which are tied to keeping the password completely secret.

• How often the password can be used to validate the user. If it is usable only once, many potential attacks would be rendered ineffective. Several such systems have been designed and some of them are in production use.
• The underlying medium / method of passing the password from the user to the authenticator mechanism. If it is, in an extreme example, publication in a large circulation newspaper, the password will be entirely insecure. If the password is carried as electrical signals on a wire between the access point and the central system controlling the password database, it is subject to snooping by any of a variety of wire tapping methods and will be equally insecure, though less obviously so to most. If it is carried over the Internet from hither to yon, anyone in a position to watch the packets containing the logon information go by can snoop with very little possibility of detection.
• The nature of the data which is the password, and the connection, if any, between the password's 'value' and its holder. If it is the user's Student ID, or some other easily discovered information (e.g, boyfriend's name), it will likely be insecure, and should always be expected to be so. At least one University in the US has inadventently made public some of their records which included student name and Social Security number. If it is an entirely random collection of alphanumeric characters, it will be quite hard to discover without theft, extortion, or user mistake.
  • See cryptography for ways in which the passing of information can be made more secure in the face of assorted snooping methods.
  • 'Snooper' describes one type of attacker attempting to discover a password. 'Shoulder surfing' is a colorful phrase for one such technique. Burglary is another, merely less colorful. Extortion, blackmail, and threat are still less colorful, but still quite effective in many cases.
• What procedures the system provides for changing a compromised password after discovery of the compromise, or prophylactically before any such discovery. If a new password is passed to 'the system' in the clear, security can be lost (eg, via wire tapping) before the new password can even be installed in the password database. If the new password is given (even securely) to a compromised employee, it will likely be lost (this sort of problem is publicly known to have happened many times at assorted organizations, companies, etc).
  • Active theft/snoop/extortion preemption measures such as automatic expiry of passwords can work (eventually) even in cases in which a password is compromised without its owner being aware of it. This precaution annoys most users in essentially every user population.
• How easily the password can be guessed / discovered by an attacker. In tests on live systems, dictionary attacks are so routinely successful that software implementing is available for many systems.
  • Often the password must be entered by a human user. To allow easy recall of the password, a 'meaningful' value is frequently chosen. The user's year of birth, spouse's/child's/pet's name or telephone / license plate number are all obvious choices to user and attacker alike. Studies of live computer systems have consistently shown that about 40% of all user chosen passwords are easily guessable.
  • Conversely, if the user selects a less obvious password then, to assist in remembering it, they are likely to write it down somewhere (a Post It note stuck to their monitor being a strangely popular choice), thus compromising the security of the system.
  • The process of obtaining passwords by psychological manipulation of users is called social engineering. "Hi. Systems Control here. We're doing a security test. Can we have your password so we can proceed?" works astonishingly often.
  • Forcing users to use system created 'random passwords' ensures the password will have no connection with that user (and thus are hard to guess from knowledge of the user), and shouldn't be findable in any dictionary (ruling out 'dictionary attacks'). However, such passwords are very hard for users to remember, and therefore this measure is likely to be self-defeating. (See the Post-It note comment above.)
• Whether or not the checking process in the computer system (the 'authenticator') actually knows the plaintext of the password.
  • If the system stores every password in an encrypted form then access to the password is difficult for a snooper (or a snooper's program) poking around within the system, whilst validation remains possible, thanks again to cryptography.

Even when using encryption procedures to provide increased security, no password system is totally immune to attack. There exist tools which can determine some plaintext passwords, given a copy of the file containing the encrypted ones. By comparing the encrypted outcome of every word (and many word variations) from some word collection (ie, a dictionary), a program can automatically attack many computer systems. These dictionary attack tools demonstrate by existence the relative strengths of different password choices against such attacks. This is an variant of a brute force attack in which all possible (or in the case of a dictionary attack, a sizable subset of all), passwords are tried.

A weak password would be one that was short or which could be rapidly guessed by searching a subset such as words in the dictionary, proper names, words based on the user name or common variations on these themes. A strong password would be sufficiently long, random, or produceable only by the user who chose it, that 'guessing' for it will require 'too long'. How long that is will vary with the attacker, with attacker resources, and with how important the password being sought is to the attacker. 'Weak' and 'strong' have only a rather fuzzy meaning in this context, but are often misused in ways implying considerable precision. But note that a 'strong password' in this sense can still be stolen, tricked, or extorted from a user, or overheard by tapping some communications medium, or copied from a Post It note. Strong has a severely limited meaning in this context.

Examples of weak passwords would be god, sex, password, rover, smile and 12/3/75; most would be easily found with a dictionary search attack and the last is likely some personally significant date readily discoverable with a little research. Examples of stronger passwords would be tastywheeT34, '\'partei@34!, and #23kLLflux. These passwords are not dictionary attackable, use combinations of lower and upper case letters / numbers / symbols, and are sufficiently long to make direct brute force search impractically costly. Note that some systems do not allow symbols like #, @ and !'' to be in passwords; in such cases, another letter or number or two may offer equivalent security.

It has been said that the ideal password should be "impossible to remember", and so unlikely to be guessable. Such passwords are surely stronger, that is harder for an attacker to discover; but they are more often written down, and so easier to discover by looking under drawers or keyboards or behind pictures or for Post-it notes. Such passwords regularly evoke violations of another bit of common, and wise, advice -- "never write a password down anywhere". Requiring 'strong' passwords thus often causes the unintended consequence that many such passwords are less secure by increasing the liklihood that they will be lost, snooped, copied, or otherwise compromised.

If even the smallest possibility exists that the password has become known to anyone other than those to whom it 'belongs', it should be considered compromised, and immediately changed. Human users commonly resent, and resist, such measures.

See also

• social engineering
• Password length parameter
• Password length equation

---

For information on the game Password, see Password game.

This is the "Password" reference article from the English Wikipedia. All text is available under the terms of the GNU Free Documentation License. See also our Disclaimer.