A password is a form of secret authentication data that is used to control access to a resource. The password is kept secret from those not allowed access, and those wishing to gain access are tested on whether or not they know the password and are granted or denied access accordingly.
The use of passwords goes back to ancient times. Sentries guarding a location would challenge for a password. They would only allow a person in if they knew the password. In modern times, passwords are used to control access to protected computer operating systems, mobile phones, cable TV decoders, automated teller machines (ATMs), etc. A typical computer user may require passwords for many purposes; logging in to computer accounts, retrieving email from servers, accessing files, databases, networks, web sites, and even reading the morning newspaper online.
Despite the name, there is no need for passwords to be actual words; indeed passwords which are not actual words are harder to guess (a desirable property). Note that password is often used to describe what would be more accurately called a pass phrase. Passcode is sometimes taken to imply that the information used is purely numeric, such as the personal identification number (PIN) commonly used for ATM access. Passwords are generally short enough to be memorized.
- 1 Security and convenience
- 2 Factors in the security of a password system
- 2.1 Rate at which an attacker can try out guessed passwords
- 2.2 Form of stored passwords
- 2.3 Methods of verifying a password over a network
- 2.4 Procedures for changing passwords
- 2.5 Longevity of a password
- 2.6 Number of users per password
- 2.7 Design of the protected software
- 3 Factors in the security of an individual password
- 4 Alternatives to passwords for access control
- 5 Passwords in fiction
- 6 See also
- 7 External links
Security and convenience
In controlling access to anything, trade-offs are made between security and convenience. If a resource is protected by a password, then security is increased with a consequent loss of convenience for users. The amount of security and inconvenience inherent in a particular password system or policy are affected by several factors addressed below. However, there is generally no one universal best way to set a proper balance between security and convenience for all cases.
Some password protected systems pose little or no risk to a user if compromised, for example a password allowing access to a free information web site. Others pose modest economic or privacy risk, a password used to access e-mail or a security lock code for a mobile telephone. Still others could have very serious consequences if compromised, such as passwords used to limit access to AIDS treatment records or control a power transmission grid.
Factors in the security of a password system
The security of a password-protected system depends on several factors. The system must, of course, be designed for sound overall security. See computer security and computer insecurity. Here are some password management issues that must be considered:
Rate at which an attacker can try out guessed passwords
The rate at which an attacker can submit guessed passwords is a key factor in determining system security. Some systems impose a long time out after a small number (e.g. 3) of failed password entry attempts. Absent other vulnerabilities, such systems can be secure with relatively simple passwords as long as they are not easily guessed. Examples of passwords that are easily guessed include the name of a relative or pet, automobile license plate numbers and default passwords such as admin or 1234. Other systems store or transmit a cryptographic hash of the password in a manner that makes the hash value accessible to an attacker. When this is done, and it is common, an attacker can try out passwords at a very high rate, perhaps using widely available lists of common passwords. Passwords that are used to generate cryptographic keys, e.g for disk encryption or Wi-Fi security, are also subject to high rate guessing. Stronger passwords are needed in these systems.
Form of stored passwords
Some systems store passwords as plain text. If an attacker gains access to the password file, all passwords are compromised. If some users employ the same password for multiple accounts, those will be compromised as well. Better systems store each password in a cryptographically protected form, so access to the actual password will be difficult for a snooper who gains internal access to the system, whilst validation still remains possible.
A common cryptographic scheme stores only a "hashed" form of the plaintext password. When a user types in a password on such a system, it is run through the hashing algorithm, and if the hash value generated from the user's entry matches the hash stored in the password database, the user is permitted access. The hash value is created by applying a cryptographic hash function to a string consisting of the password and, usually, another value known as a salt. The salt prevents attackers from building a list of hash values for common passwords. MD5 and SHA1 are frequently used cryptographic hash functions. A modified version of DES was used in early Unix systems.
The UNIX DES function was iterated to make the hash function slow, to further frustrate automated guessing attacks. A more flexible function for iterated hashed passwords is described in PKCS-5.
If the hash function is well designed, it is computationally infeasible to reverse it to find the plaintext directly. However, if an attacker can gain access to the hashed values (and many systems do not protect them adequately), he can use widely available tools which compare the encrypted outcome of every word from some collection, such as a dictionary. Long lists of possible passwords in many languages are widely available and the tools try common variations as well. These dictionary attack tools demonstrate by existence the relative strengths of different password choices against such attacks. Use of a key derivation function can reduce this risk.
Methods of verifying a password over a network
A variety of methods have been used to verify passwords in a network setting:
Simple transmission of the password
Passwords can be vulnerable to snooping while being transmitted to the authenticating machine or person. If the password is carried as electrical signals on unsecured physical wiring between the user access point and the central system controlling the password database, it is subject to snooping by wiretapping methods. If it is carried over the Internet, anyone able to watch the packets containing the logon information can snoop with very little possibility of detection. Cable modems may be more vulnerable to snooping than DSL and dialup connections, and ethernet may or may not be snoopable, depending particularly on the choice of networking hardware and wiring. Some organizations have noted a significant increase in stolen accounts after users began logging in over cable connections.
Transmission through encrypted channels
The risk of interception of passwords sent over the Internet can be reduced with the Transport Layer Security (TLS, previously called SSL) feature built into many Internet browsers. Most browsers display a closed lock icon when TLS is in use. See cryptography for other ways in which the passing of information can be made more secure.
Hash-based challenge-response methods
Unfortunately, there is a conflict between stored hashed-passwords and hash-based challenge-response authentication; the latter requires a client to prove to a server that he knows what the shared secret (the password) is, and to do this, the server end needs to be able to obtain the shared secret from its stored form. On Unix-type systems doing remote authentication, the shared secret becomes the hashed form of the password, not the unhashed form; if an attacker can obtain a copy of the hashed password, he will be able to access the system remotely, even without being able to determine what the original unhashed password was. Furthermore, hash-based challenge-response methods have the serious limitation that they expose passwords to offline guessing attack.
Zero-knowledge password proofs
Taking it a step further, augmented systems for password-authenticated key agreement (e.g. AMP, B-SPEKE, PAK-Z, SRP-6) avoid both the conflict and limitation of hash-based methods; An augmented system allows a client to prove knowledge of the password to a server, where the server knows only a (not exactly) hashed password, and where the unhashed password is required to gain access.
Procedures for changing passwords
Usually, a system must provide a way to change a password, either because a user believes the current password has been (or might have been) compromised, or as a precautionary measure. If a new password is passed to the system in an unencrypted form, security can be lost (e.g., via wiretapping) before the new password can even be installed in the password database. If the new password is given to a compromised employee, little is gained. Some web sites include the user-selected password in an unencrypted confirming e-mail message.
Identity management systems are increasingly used to automate issuance of replacements for lost passwords, a feature called self service password reset. The user's identity is verified by asking questions and comparing the answers to ones previously stored. Typical questions include "Where were you born?," "What is your favorite movie?" or "What is the name of your pet?" In many cases the answers to these questions can be guessed, determined by research, or obtained through social engineering. While many users have been trained never to reveal a password, few consider the name of their favorite movie to require similar care.
Longevity of a password
Forcing users to change passwords frequently (quarterly, monthly or even more often) ensures that a valid password in the wrong hands will eventually become unusable. Many operating systems provide such features, though they are not universally used. Their security benefits are limited because attackers often exploit a password as soon as it is compromised. In many cases, particularly with administrative or "root" accounts, once an attacker has gained access, he can make alterations to the operating system that will allow him future access even after the initial password he used expires.
Forcing password change too frequently may make users more likely to forget which password is current, and there is a consequent temptation for users to either write their password down or to reuse an earlier password, which may negate any added security benefit. Implementing such a policy requires careful consideration of human factors.
Number of users per password
Sometimes a single password controls access to a device, for example, for a network router, or password-protected mobile phone. However, in the case of a computer system, a password is usually stored for each user name, thus making all access traceable (save, of course, in the case of users sharing passwords). A would-be user must give a name as well as a password. If the user supplies a password matching the one stored for the supplied user name, he or she is permitted further access into the computer system. This is also the case for a cash machine, except that the user name is the account number stored on the bank customer's card, and the PIN is usually quite short (4 to 6 digits).
Allotting separate passwords to each user of a system is usually preferable to having a single password shared by legitimate users of the system. This is partly because people are more willing to tell another person (who may not be authorized) a shared password than one exclusively for their use. Single passwords are also much less convenient to change because many people need to be told at the same time, and they make removal of a particular user's access more difficult. Per-user passwords are also essential if users are to be held accountable for their activities, such as making financial transactions or viewing medical records.
Design of the protected software
Common techniques used to improve the security of software systems protected by a password include:
- not echoing the password on the display screen as it is being entered or obscuring it as it is typed by using asterisks or circular blobs
- allowing passwords of adequate length (some Unix systems limited passwords to 8 characters).
- requiring users to re-enter their password after a period of inactivity
- enforcing a password policy to ensure strong passwords
- requiring periodic password changes
- assigning passwords at random
- providing an alternative to keyboard entry
- using encrypted tunnels or password-authenticated key agreement to prevent network attacks on transmitted passwords
Some of the more stringent policy enforcement measures can pose a risk of alienating users, possibly decreasing security.
Factors in the security of an individual password
Likelihood that a password can be guessed
Studies of production computer systems have for decades consistently shown that about 40% of all user-chosen passwords are readily guessed.
- Many users do not change the default password that comes with many computer security systems. Lists of default passwords are available on the Internet.
- A password might be guessable if a user chooses an easily-discovered piece of personal information as a password (such as a student ID number, a boy- or girlfriend's name, a birthday, a telephone number, or a license plate number). Personal data about individuals are now available from various sources, many on-line, and can often be obtained by someone using social engineering techniques, such as posing as an opinion surveyor.
- A password is vulnerable if it can be found in a list. Dictionaries (often in computer-readable form) are available for many languages, and there exist lists of commonly-chosen passwords. In tests on live systems, dictionary attacks are so routinely successful that software implementing this kind of attack is available for many systems.
- A too short password, perhaps chosen for ease of typing, is vulnerable if an attacker can obtain the cryptographic hash of the password. Computers are now fast enough to try all alphabetic passwords shorter than 7 characters, for example.
A weak password would be one that was short or was a default, or which could be rapidly guessed by searching a subset of all possible passwords such as words in the dictionary, proper names, words based on the user name or common variations on these themes. A strong password would be sufficiently long, random, or otherwise producible only by the user who chose it, so that 'guessing' for it will require too long a time. The length of time deemed to be 'too long' will vary with the attacker, with the attacker's resources, with the ease with which a password can be tried, and with the importance of the password to the attacker. So a student's password might not be worth more than a few seconds of computer time, whilst a password controlling access to a large bank's electronic money transfer system might be worth many weeks of computer time.
'Weak' and 'strong' have meaning only with regard to specific password systems. The necessary quality of the password depends on how well the password system limits attempts to guess a user's password, whether by a person who knows the user well, or a computer trying millions of possibilities. In a cryptgraphic context, the terms can have considerable precision. For example, passwords generally are not suitable for use as encryption keys. But note that even a 'strong' password may still be stolen, tricked, or extorted from a user, collected from a keyboard logger, overheard by tapping some communications medium, or copied from a Post-It note or Rolodex.
Examples of weak passwords include admin, 1234, susan, password, rover and 12/3/75; which might be easily guessed (the last being likely to be a personally significant date readily discoverable with a little research), and would certainly be found with an automated dictionary search attack in a system that permitted such action. Examples of stronger passwords would be tastywheeT34, partei@34!, and #23kLLflux. These passwords are longer and use combinations of lower and upper case letters, digits and symbols. They are unlikely to be in any password cracking word list and are sufficiently long to make direct brute force search impractical in some systems. Note that some systems do not allow symbols like #, @ and ! in passwords and they may be hard to find on some country-specific keyboards. In such cases, adding another letter or number or two may offer equivalent security. Also note that, having been published in this article as password examples, these are no longer good choices: examples from publicly accessible discussions about passwords are obviously good candidates for inclusion in a dictionary to be used for a dictionary attack. However, beware that even strong-looking passwords, and especially human-chosen passwords, are not equivalent to a strong encryption key, and should generally not be used as such. Passphrases and password-authenticated key agreement methods have been used to address this limitation.
The strongest method for generating passwords is to select sufficient characters at random, but such passwords are generally the most difficult to remember. Some users develop mnemonic phrases that have the random letters as the initial of each word. Another way to make random passwords more memorable is to use random words (see diceware) or syllables instead of random letters.
Personal mnemonics are sometimes recommended, that is, things that are memorable to you, but not to others, for example, the password Iw21wIfvP, a difficult to remember string, derives from "I was 21 when I first visited Paris", possibly easily remembered. However, if your first experience of Paris is important to you, it may be possible to guess this password from knowledge of you, and then this would not be a sensible password choice.
As of October 2005, employees of the UK Government are advised to use passwords of the following form: consonant, vowel, consonant, consonant, vowel, consanant, number, number (for example pinray45). Apparantly upper and lower case do not matter, and this form is called an Environ password.
Likelihood that a password can be remembered
The most secure passwords are long, random strings of characters. For the same number of characters, a password is stronger if it includes a mix of upper and lower case letters, numbers and other symbols (when allowed). Unfortunately from a security perspective, such passwords are quite hard for most people to remember.
Forcing users to use system-created 'random passwords' ensures the password will have no connection with that user and shouldn't be found in any dictionary. Several operating systems have included such a feature. While helpful from a security viewpoint, many users resent such measures and user cooperation is generally essential for security.
Computer users are generally advised "never write a password down anywhere, no matter what" and "never use the a password for more than one account." These maxims, while sound in theory, ignore the reality that an ordinary computer user may have dozens of password-protected accounts. They have the unintended consequence that many users select weak passwords, even for important accounts, and end up using the same password everywhere.
If passwords are written down, they should never be kept in obvious places such as address books, Rolodex files, under drawers or keyboards or behind pictures. The worst, but all too common, location is a Post-it note near the computer. Better locations are a safety deposit box or a locked file approved for information of comparable sensitivity to that protected by the password. Software is available for popular hand-held computers that can store passwords for numerous accounts in encrypted form. Another approach is to use a single password for low security accounts and select separate, strong passwords for a smaller number high value applications such as on-line banking.
At a 2005 security conference, an expert from Microsoft was quoted as saying: "I claim that password policy should say you should write down your password. I have 68 different passwords. If I am not allowed to write any of them down, guess what I am going to do? I am going to use the same password on every one of them." 
Whether it is worse to use weak passwords that are memorized or strong passwords that are written down can provoke fierce debate among experts. Practical security often requires balancing conflicting requirements and human factors.
Likelihood that a password can be discovered
Passwords can be discovered by shoulder surfing, burglary, extortion, blackmail, threats, or other methods. Dumpster diving is surprisingly fruitful for situations in which sensitive printed data is discarded with insufficient precaution (as evidenced by the recent rise in identity theft). Approximate password length can be discovered even without shoulder surfing by simply counting keyboard clicks or noting finger motions. Research published by IBM in 2004 shows that each key on a keyboard has a distinctive acoustic signature, allowing keyed in data, including passwords, to be recovered by analyzing recordings from a covert listening device or "bug." See: Acoustic cryptanalysis.
Obtaining passwords by psychological manipulation of users is an example of social engineering. An attacker might telephone a user and say "Hi. Systems Control here. We're doing a security test. Can we have your password so we can proceed?" Systems administrators and other support staff will very rarely, if ever, need to know a user's password in order to perform their jobs. System administrators with "root" or superuser privileges can change the users' passwords without their permission, so they have no need whatsoever to ask for it. In addition, they will go out of their way not to ask for a password, precisely because they do not want to encourage the habit of giving passwords to anyone.
Alternatives to passwords for access control
The numerous ways in which reusable passwords can be compromised has prompted the development of other techniques. Unfortunately, few of them has become universally available for users seeking a more secure alternative.
- Single-use passwords. Having passwords which are only valid once makes many potential attacks ineffective. Most users find single use passwords extremely inconvenient. They have, however, been widely implemented in personal online banking, where they are known as TANs. As most home users only perform a small number of transactions each week, the single use issue has not lead to significant customer dissatisfaction in this case.
- Security tokens are similar to single-use passwords, but the value to be entered is displayed on a small fob and changes every minute or so.
- Access controls based on public key cryptography e.g. SSH. The necessary keys are too large to memorize and must be stored on a local computer, security token or portable memory device, such as a flash disk or floppy disk.
- Biometric methods promise authentication based on unalterable personal characteristics, but currently (2005) have high error rates and require additional hardware to scan, for example, fingerprints, irises, etc. Because these characteristics are unalterable, it can be difficult to reuse them if they are comprised, such as by unauthorized fingerprint lifting or close eye photographing.
- Single sign-on technology is supposed to eliminate the need for having multiple passwords. Such schemes do not relieve user and administrators from choosing reasonable single passwords, nor system designers nor administrators from ensuring that private access control information passed among systems enabling single signon is secure against attack. As yet, no satisfactory standard has been widely adopted.
Passwords in fiction
Password use is often depicted in fiction, Illya Kuryakin 'proving' his identity to the U.N.C.L.E. security door with a code word, or Harry Potter giving a password to a magic painting to enter his dormitory. Famous fictional passwords include open sesame from the Arabian Nights' tale of The Forty Thieves and Rumplestiltskin.
- Password policy
- Password length parameter
- Password length equation
- Password cracking
- Password-authenticated key agreement
- Shadow password
- Password synchronization
- Self-service password reset
- Two-factor authentication, an authentication protocol that requires two forms of authentication to access a system
- Pick a Safe Password
- Passwords - Common Attacks and Possible Solutions
- Password generator - customisable
- Enforcing use of cryptographically strong password
- Choosing a good password
- Choosing good passwords
- Password management best practices
- Statistics on password choices, practices, and risks
- List of default passwords listed by vendor
- Links for password-based cryptography