In computing, a password is a word or string of characters, entered, often along with a user name, into a computer system to log in or to gain access to some resource. A word is a unit of Language that carries meaning and consists of one or more Morphemes which are linked more or less tightly together and has a Phonetic For other uses see Character. In Computer and machine-based Telecommunications terminology a character is a unit of Users in a Computing context refers to one who uses a computer system Passwords are a popular form of authentication. Authentication (from Greek αυθεντικός real or genuine from authentes author is the act of establishing or confirming something (or someone as Full security requires that the password be kept secret from those not allowed access.

The use of passwords goes back to ancient times. Sentries guarding a location would challenge for a password or watchword. They would only allow a person in if they knew the password. In modern times, passwords are used to control access to protected computer operating systems, mobile phones, cable TV decoders, automated teller machines (ATMs), etc. Access control is the ability to permit or deny the use of a particular resource by a particular entity An operating system (commonly abbreviated OS and O/S) is the software component of a Computer system that is responsible for the management and coordination A typical computer user may require passwords for many purposes: logging in to computer accounts, retrieving e-mail from servers, accessing files, databases, networks, web sites, and even reading the morning newspaper online. Users in a Computing context refers to one who uses a computer system Electronic mail, often abbreviated to e-mail, email, or originally eMail, is a Store-and-forward method of writing sending receiving

Despite the name, there is no need for passwords to be actual words; indeed passwords which are not actual words are harder to guess (a desirable property), but are generally harder for users to remember (an undesirable property). Note that password is often used to describe what would be more accurately called a passphrase. A passphrase is a sequence of words or other text used to control access to a computer system program or data Passcode is sometimes taken to imply that the information used is purely numeric, such as the personal identification number (PIN) commonly used for ATM access. A personal identification number (PIN is a secret numeric Password shared between a user and a system that can be used to authenticate the user to the system Passwords are generally short enough to be memorized. In Psychology, memory is an organism's ability to store retain and subsequently retrieve information

Designing a personal, user-friendly password

Passwords vary in the degree of public awareness, security protection and frequency of change. The most public, and therefore least secure, password might be one that is given to members of a group, a committee or some other organization. For instance, "publiclibrary", "internet", "AAAfinancecommittee" or "password" are all examples of easily remembered passwords, more or less publicly knowable passwords. Less easily attacked passwords might be built from such a basic form, for instance, "smith12nov34street" or "AAAchairpersonSUE". These are slightly more secure, but being relatively easily predictable should not be relied upon to actually block unauthorized access. Effective access control requires passwords which are more difficult to guess or to find automatically, less publicly knowable (ideally not at all), and these are the subject of much of the rest of this article. One method of creating passwords that are memorable, but harder to attack successfully is to use selective substitution of numbers for letters, e. g. 'I' is replaced by '1', 'E' by '3' etc. This becomes even more secure if the numbers are 'shifted' on the keyboard. In this instance, the number '1' might be replaced by '!', assuming '!' is a permitted character in passwords on the relevant system.

Factors in the security of a password system

The security of a password-protected system depends on several factors. The system must, of course, be designed for sound overall security, without which no password protection can have any significance. Early passwords on many systems were limited to a few numbers, or upper-case-letters, only often in prescribed patterns limiting the number of possible passwords. Most passwords today usually have fewer such limits. User input is determined by several limiting factors: allowable inputs (numbers / letters, non-visual codes and/or other keys / device inputs), minimum & maximum of time required for input, availability of cut / delete / paste / copy for input, and error/noise tolerance errors in the password or communications input. Some system administrators also enforce other limitations on passwords, such as compulsory change schedules, safe-password analysis feedback, and compulsory length / composition limits. See computer security and computer insecurity. This article describes how security can be achieved through design and engineering Many current Computer systems have only limited security precautions in place

Here are some password management issues that must be considered:

Rate at which an attacker can try out guessed passwords

The rate at which an attacker can submit guessed passwords to the system is a key factor in determining system security. Some systems impose a long time out (several seconds) after a small number (e. g. , a maximum of three) of failed password entry attempts. Absent other vulnerabilities, such systems can be secure with relatively simple passwords, if they are not easily guessable. Examples of passwords that are easily guessed include the name of a relative or pet, an automobile license plate number, and such default passwords as admin, 123456, or letmein. [1]

Other systems store or transmit a cryptographic hash of the password in a manner that makes the hash value accessible to an attacker. A cryptographic Hash function is a transformation that takes an input (or 'message' and returns a fixed-size string which is called the hash value (sometimes When this is done, and it is very common (to most observers' surprise or despair), an attacker can work off-line, rapidly testing candidate passwords against the true password's hash value. Security in such situations depends on making such an attack computationally infeasible for the attacker. in Claude Shannon's terms, to increase the 'work factor' enough to prevent successful attack. Claude Elwood Shannon (April 30 1916 – February 24 2001 an American Electronic engineer and Mathematician, is "the father of Information

Lists of common passwords are widely available and can further speed the process. (See Password cracking. Password cracking is the process of recovering Passwords from data that has been stored in or transmitted by a Computer system. ) A sufficiently complex password used in a system with a good hash algorithm can defeat such attacks as the work factor imposed on such an attacker can be made impossible in practice. Passwords that are used to generate cryptographic keys, e. g. for disk encryption or Wi-Fi security, can also be found by high rate guessing. Wi-Fi (ˈwaɪfaɪ is the trade name for the popular wireless technology used Stronger passwords are needed in such systems, but protocol designs sometimes prevent this.

Form of stored passwords

Some computer systems store passwords, against which to compare user attempts, as cleartext. In Data communications, cleartext is the form of a message or data which is in a form that is immediately comprehensible to a human being without additional processing If an attacker gains access to such an internal password file, all passwords would be compromised. If some users employ the same password for multiple accounts, those will be compromised as well. More secure systems store each password in a cryptographically protected form, so access to the actual password will be difficult for a snooper who gains internal access to the system, while validation of user access attempts still remains possible.

Email is sometimes used to distribute passwords. Since most email is sent as cleartext, it is available without effort during transport to any eavesdropper. In Data communications, cleartext is the form of a message or data which is in a form that is immediately comprehensible to a human being without additional processing Further, it will be stored on at least two computers as cleartext -- the sender's and the recipient's. If it passes through intermediate systems during its travels, it will likely be stored on those as well. Emailed passwords are generally an insecure method of distribution.

A common cryptographically based scheme stores only a "hashed" form of the plaintext password. When a user types in a password on such a system, it is run through the hashing algorithm, and if the hash value generated from the user's entry matches the hash stored in the password database, the user is permitted access. The hash value is created by applying a cryptographic hash function to a string consisting of the submitted password and, usually, another value known as a salt. A cryptographic Hash function is a transformation that takes an input (or 'message' and returns a fixed-size string which is called the hash value (sometimes In Cryptography, a salt comprises random Bits that are used as one of the inputs to a Key derivation function. The salt prevents attackers from building a list of hash values for common passwords. MD5 and SHA1 are frequently used cryptographic hash functions. In Cryptography, MD5 ( Message-Digest algorithm 5) is a widely used partially insecure Cryptographic hash function with a 128- Bit hash value

A modified version of DES was used for this purpose in early Unix systems. The Data Encryption Standard ( DES) is a Cipher (a method for Encrypting information selected by NBS as an official Federal Information Unix (officially trademarked as UNIX, sometimes also written as Unix with Small caps) is a computer The UNIX DES function was iterated to make the hash function slow, to further frustrate automated guessing attacks, and used the password candidate as a key to encrypt a fixed value, thus blocking yet another attack on the password hashing system. A more flexible function for iterated hashed passwords is described in PKCS-5. PBKDF2 (Password-Based Key Derivation Function is a Key derivation function that is part of RSA Laboratories ' Public-Key Cryptography Standards (PKCS series

If the hash function is well designed, it will be computationally infeasible to reverse it to directly find a plaintext. However, many systems do not protect their hashed passwords adequately, and if an attacker can gain access to hashed values he can use widely available tools which compare the encrypted outcome of every word from some collection, such as a dictionary. Long lists of possible passwords in many languages are widely available (eg, on the Internet) and the tools try common variations as well. The existence of these dictionary attack tools demonstrates the relative strengths of password choices against such attacks. In Cryptanalysis and Computer security, a dictionary attack is a technique for defeating a Cipher or authentication mechanism by trying to determine its Use of a key derivation function can reduce this risk. "KDF" redirects here For the Nazi organization see Kraft durch Freude In Cryptography, a key derivation function (or

A poorly designed hash function can make attacks feasible even if a strong password is chosen. See LM hash for a very widely deployed, and deplorable, example. LM hash or LAN Manager hash is one of the formats that Microsoft LAN Manager and Microsoft Windows versions previous to Windows Vista use to store user [2]

Methods of verifying a password over a network

A variety of methods have been used to verify passwords in a network setting:

Simple transmission of the password

Passwords can be vulnerable to interception (i. e. , "snooping") while being transmitted to the authenticating machine or person. If the password is carried as electrical signals on unsecured physical wiring between the user access point and the central system controlling the password database, it is subject to snooping by wiretapping methods. Wiretap redirects here For the radio program see WireTap (radio program Telephone tapping (or wire tapping / wiretapping in If it is carried as packetitzed data over the Internet, anyone able to watch the packets containing the logon information can snoop with a very low probability of detection. In Information technology, a packet is a formatted unit of Data carried by a Packet mode Computer network.

An example of cleartext transmission of passwords is the original Wikipedia website. In Data communications, cleartext is the form of a message or data which is in a form that is immediately comprehensible to a human being without additional processing ***************************************************************************************** * * When you logged into your Wikipedia account, your username and password are sent from your computer's browser through the Internet as cleartext. Users in a Computing context refers to one who uses a computer system Anyone could read them in transit and thereafter log into your account. More recently, Wikipedia has offered a secure login option, which, like many e-commerce sites, uses the SSL (TLS) cryptographic protocol to eliminate the cleartext transmission. But, because anyone can gain access to Wikipedia (without logging in at all), and then edit most articles, it can be argued that there is little need to encrypt these transmissions. Other websites (eg, banks and financial institutions) have quite different security requirements, and cleartext transmission of anything is clearly insecure in those contexts.

Another example of transmission vulnerability is email. Emailed passwords may be read by anyone with access to the transmission medium. Using client-side encryption will only protect transmission from the POP server to the client. In Computing, local E-mail clients use the Post Office Protocol version 3 ( POP3) an application-layer Internet standard protocol Previous or subsequent relays of the email will not be protected and the email will be stored on multiple computers in cleartext.

Transmission through encrypted channels

The risk of interception of passwords sent over the Internet can be reduced by, among other approaches, using the Transport Layer Security (TLS, previously called SSL) feature built into many Internet browsers. Transport Layer Security ( TLS) and its predecessor Secure Sockets Layer ( SSL) are Cryptographic protocols that provide secure Transport Layer Security ( TLS) and its predecessor Secure Sockets Layer ( SSL) are Cryptographic protocols that provide secure A web browser is a software application which enables a user to display and interact with text images videos music games and other information typically located on a Most browsers display a closed lock icon when TLS is in use. See cryptography for other ways in which the passing of information can be made more secure. Cryptography (or cryptology; from Greek grc κρυπτός kryptos, "hidden secret" and grc γράφω gráphō, "I write"

Hash-based challenge-response methods

Unfortunately, there is a conflict between stored hashed-passwords and hash-based challenge-response authentication; the latter requires a client to prove to a server that he knows what the shared secret (i. In Computer security, challenge-response authentication is a family of protocols in which one party presents a question ("challenge" and another party must provide In Cryptography, a shared secret is a piece of data only known to the parties involved in a secure communication e. , password) is, and to do this, the server must be able to obtain the shared secret from its stored form. On Unix-type systems doing remote authentication, the shared secret usually becomes the hashed form and has the serious limitation of exposing passwords to offline guessing attacks. Unix (officially trademarked as UNIX, sometimes also written as Unix with Small caps) is a computer

Zero-knowledge password proofs

Rather than transmitting the password, password-authenticated key agreement systems can perform a zero-knowledge password proof, which proves knowledge of the password without exposing it. In Cryptography, a password-authenticated key agreement method is an interactive method for two or more parties to establish cryptographic keys based on one or more party's knowledge A zero-knowledge password proof (ZKPP refers to a Password-authenticated key agreement protocol that is secure against off-line dictionary attacks

Moving a step further, augmented systems for password-authenticated key agreement (e. In Cryptography, a password-authenticated key agreement method is an interactive method for two or more parties to establish cryptographic keys based on one or more party's knowledge g. AMP, B-SPEKE, PAK-Z, SRP-6) avoid both the conflict and limitation of hash-based methods; An augmented system allows a client to prove knowledge of the password to a server, where the server knows only a (not exactly) hashed password, and where the unhashed password is required to gain access.

Procedures for changing passwords

Usually, a system must provide a way to change a password, either because a user believes the current password has been (or might have been) compromised, or as a precautionary measure. If a new password is passed to the system in an unencrypted form, security can be lost (e. g. , via wiretapping) even before the new password can even be installed in the password database. If the new password is given to a compromised employee, little is gained. Some web sites include the user-selected password in an unencrypted confirmation e-mail message, with the obvious increased vulnerability.

Identity management systems are increasingly used to automate issuance of replacements for lost passwords, a feature called self service password reset. In Information systems identity management is the management of the identity Life cycle of entities (subjects or objects Self-service password reset is defined as any process or technology that allows users who have either forgotten their Password or triggered an intruder lockout to authenticate The user's identity is verified by asking questions and comparing the answers to ones previously stored (ie, at account initialization). Typical questions include "Where were you born?," "What is your favorite movie?" or "What is the name of your pet?" In many cases the answers to these questions can be relatively easily guessed, determined by research, or obtained through social engineering, and so this is less than reliable as a verification technique. Social engineering is the art of manipulating people into performing actions or divulging confidential information While many users have been trained never to reveal a password, few consider the name of their favorite movie to require similar care.

Password longevity

"Password aging" is a feature of some operating systems which forces users to change passwords frequently (e. g. , quarterly, monthly or even more often), thus ensuring that a stolen password will become unusable more or less quickly. Most users are not so familiar with passwords and computers as to be comfortable with this, so such policies usually earn some protest and foot-dragging at best and hostility at worst. These features are therefore not always used. In any case, the security benefits are limited because attackers often exploit a password as soon as it is compromised. In many cases, particularly with administrative or "root" accounts, once an attacker has gained access, he can make alterations to the operating system that will allow him future access even after the initial password he used expires (one example of this is a rootkit). A rootkit is a computer virus which consists of a program (or combination of several programs designed to take fundamental control (in Unix terms "root"

Forcing password change too frequently may make users more likely to forget which password is current, and there is a consequent temptation for users to either write their password down or to reuse an earlier password, which may negate any added security benefit. Implementing such a policy requires careful consideration of the relevant human factors.

Number of users per password

Sometimes a single password controls access to a device, for example, for a network router, or password-protected mobile phone. However, in the case of a computer system, a password is usually stored for each user name, thus making all access traceable (save, of course, in the case of users sharing passwords). This article describes how security can be achieved through design and engineering A would-be user must give a name as well as a password. If the user supplies a password matching the one stored for the supplied user name, he or she is permitted further access into the computer system. This is also the case for a cash machine, except that the user name is the account number stored on the bank customer's card, and the PIN is usually quite short (4 to 6 digits).

Allotting separate passwords to each user of a system is preferable to having a single password shared by legitimate users of the system, certainly from a security viewpoint. This is partly because users are more willing to tell another person (who may not be authorized) a shared password than one exclusively for their use. Single passwords are also much less convenient to change because many people need to be told at the same time, and they make removal of a particular user's access more difficult. Per-user passwords are also essential if users are to be held accountable for their activities, such as making financial transactions or viewing medical records.

Design of the protected software

Common techniques used to improve the security of software systems protected by a password include:

• not echoing the password on the display screen as it is being entered or obscuring it as it is typed by using asterisks or circular blobs
• allowing passwords of adequate length (some Unix systems limited passwords to 8 characters, others to 6 uppercase letters only; both are unfortunate choices). Unix (officially trademarked as UNIX, sometimes also written as Unix with Small caps) is a computer
• requiring users to re-enter their password after a period of inactivity
• enforcing a password policy to ensure strong passwords
• requiring periodic password changes
• assigning randomly chosen passwords
• providing an alternative to keyboard entry (eg, spoken passwords)
• using encrypted tunnels or password-authenticated key agreement to prevent network attacks on transmitted passwords

Some of the more stringent policy enforcement measures can pose a risk of alienating users, possibly decreasing security as a result. A password policy is a set of rules designed to enhance Computer security by encouraging users to employ strong Passwords and use them properly In Cryptography, a password-authenticated key agreement method is an interactive method for two or more parties to establish cryptographic keys based on one or more party's knowledge

Factors in the security of an individual password

Main article: Password strength

Studies of production computer systems have for decades consistently shown that about 40% of all user-chosen passwords are readily guessed automatically, and still more with some individual research regarding a particular user. Password strength is a measurement of the effectiveness of a Password as an Authentication credential Password strength is the likelihood that a password cannot be guessed or discovered by an unauthorized person or computer. Authentication (from Greek αυθεντικός real or genuine from authentes author is the act of establishing or confirming something (or someone as A computer is a Machine that manipulates data according to a list of instructions. Passwords easily guessed are termed weak or vulnerable; passwords very difficult or impossible to guess are considered strong.

Alternatives to passwords for access control

The numerous ways in which reusable passwords can be compromised has prompted the development of other techniques. Unfortunately, few of them have become universally available for users seeking a more secure alternative.

• Single-use passwords. The purpose of a one-time password (OTP is to make it more difficult to gain unauthorized access to restricted resources like a computer account Having passwords which are only valid once makes many potential attacks ineffective. Most users find single use passwords extremely inconvenient. They have, however, been widely implemented in personal online banking, where they are known as TANs. Online banking (or Internet banking) allows customers to conduct financial transactions on a secure website operated by their retail or virtual Bank, A Transaction authentication number or TAN is used by some Online banking services as a form of single use Passwords to authorize Financial As most home users only perform a small number of transactions each week, the single use issue has not lead to significant customer dissatisfaction in this case.
• Security tokens are similar to single-use passwords, but the value to be entered is displayed on a small fob and changes every minute or so. A security token (or sometimes a hardware token, hard token, authentication token, cryptographic token, or key fob) may be a physical
• Access controls based on public key cryptography e. Public-key cryptography, also known as asymmetric cryptography, is a form of Cryptography in which the key used to encrypt a message differs from the key g. ssh. Secure Shell or SSH is a Network protocol that allows data to be exchanged using a Secure channel between two networked devices The necessary keys are too large to memorize (but see proposal Passmaze) and must be stored on a local computer, security token or portable memory device, such as a flash disk or floppy disk. A floppy disk is an increasingly Obsolete data storage medium that is composed of a disk of thin flexible ("floppy" Magnetic storage medium encased
• Biometric methods promise authentication based on unalterable personal characteristics, but currently (2005) have high error rates and require additional hardware to scan, for example, fingerprints, irises, etc. Biometrics ( ancient Greek: bios life metron measure refers to two very different fields of study and application A fingerprint is an impression of the friction ridges of all or any part of the finger The iris consists of Pigmented Fibrovascular tissue known as a stroma. They have proven easy to spoof in some famous incidents testing commercially available systems and, because these characteristics are unalterable, they cannot be changed if compromised, a highly important consideration in access control as a compromised access token is necessarily insecure.
• Single sign-on technology is claimed to eliminate the need for having multiple passwords. Single sign-on ( SSO) is a method of Access control that enables a user to Log in once and gain access to the resources of multiple software systems without Such schemes do not relieve user and administrators from choosing reasonable single passwords, nor system designers or administrators from ensuring that private access control information passed among systems enabling single sign-on is secure against attack. As yet, no satisfactory standard has been developed.
• Non-text-based passwords, such as graphical passwords or mouse-movement based passwords. In computing a password is a Word or string of characters that is entered often along with a user name, in modern times usually into a computer system [3] Another system requires users to select a series of faces as a password, utilizing the human brain's ability to recall faces easily. The term face refers to the central sense organ complex for those animals that have one normally on the ventral surface of the head and can depending on the definition The human brain controls the Central nervous system (CNS by way of the Cranial nerves and Spinal cord, the Peripheral nervous system (PNS Face perception is the process by which the Brain and Mind understand and interpret the Face, particularly the human face [4]

Graphical passwords are an alternative means of authentication for log-in intended to be used in place of conventional password; they utilize images instead of text. Authentication (from Greek αυθεντικός real or genuine from authentes author is the act of establishing or confirming something (or someone as An image (from Latin imago) or picture is an artifact usually two-dimensional that has a similar appearance to some subject &mdashusually In Computing, plain text is a term used for an ordinary "unformatted" sequential file readable as textual material without much processing In many implementations, the user is required to pick from a series of images in the correct sequence in order to gain access.

While some believe that graphical passwords would be harder to crack, others suggest that people will be just as likely to pick common images or sequences as they are to pick common passwords. Password cracking is the process of recovering Passwords from data that has been stored in or transmitted by a Computer system.

Website password systems

Passwords are used on websites to authenticate users and are usually server-side, meaning the browser sends the password to the server (by HTTP POST), the server checks the password and sends back the relevant content (or an access denied message). This process eliminates the possibility of local reverse engineering as the code used to authenticate the password does not reside on the local machine.

The transmission of the password through the browser in plaintext means it can be intercepted along its journey to the server. Most web authentication systems use SSL to establish an encrypted session between the browser and the server. This is done automatically by the browser and ensures integrity of the session.

So-called website password and membership management systems often involve the use of Java or JavaScript code existing on the client side (meaning the visitor's web browser) HTML source code (for example, AuthPro). JavaScript is a Scripting language most often used for Client-side web development HTML, an initialism of HyperText Markup Language, is the predominant Markup language for Web pages It provides a means to describe the structure Drawbacks to such systems are the relative ease in bypassing or circumventing the protection by switching off JavaScript and Meta redirects in the browser, thereby gaining access to the protected web page. Others take advantage of server-side scripting languages such as ASP or PHP to authenticate users on the server before delivering the source code to the browser. Active Server Pages ( ASP) is Microsoft 's first server-side script engine for dynamically-generated web pages PHP is a computer Scripting language. Originally designed for producing Dynamic web pages it has evolved to include a Command line interface capability Popular systems such as Sentry Login and Password Sentry take advantage of technology in which web pages are protected using such scripting language code snippets placed in front of the HTML code in the web page source saved in the appropriate extension on the server, such as . asp or . php.

Password cracking

Attempting to crack passwords by trying as many possibilities as time and money permit is a brute force attack. Password cracking is the process of recovering Passwords from data that has been stored in or transmitted by a Computer system. In Cryptanalysis, a brute force attack is a method of defeating a Cryptographic scheme by trying a large number of possibilities for example possible keys A related method, rather more efficient in most cases, is a dictionary attack. In Cryptanalysis and Computer security, a dictionary attack is a technique for defeating a Cipher or authentication mechanism by trying to determine its In a dictionary attack, all words in one or more dictionaries are tested.

There are several programs available for password auditing and recovery such as L0phtCrack, John the Ripper, and Cain; some of which use password design vulnerabilities (as in the Microsoft LANManager system) to increase efficiency. L0phtCrack is a Password Auditing and recovery application (now called LC5) originally produced by Mudge from L0pht John the Ripper is a free Password cracking software tool Initially developed for the UNIX Operating system, it currently runs on fifteen different Cain and Abel is a free Windows Password recovery tool though its authors offer an option to donate Some are useful to system administrators as any password which can be found using one of these programs is most definitely a weak password and should be rejected as an unacceptable password choice.

According to Bruce Schneier, the most commonly used password is password1. Bruce Schneier (born 15 January 1963) is an American Cryptographer, Computer security specialist and Writer. ^[1]

History of passwords

Passwords or watchwords have been used since ancient times. Polybius describes the system for distribution watchwords in the Roman military as follows:

The way in which they secure the passing round of the watchword for the night is as follows: from the tenth maniple of each class of infantry and cavalry, the maniple which is encamped at the lower end of the street, a man is chosen who is relieved from guard duty, and he attends every day at sunset at the tent of the tribune, and receiving from him the watchword - that is a wooden tablet with the word inscribed on it - takes his leave, and on returning to his quarters passes on the watchword and tablet before witnesses to the commander of the next maniple, who in turn passes it to the one next him. Polybius (ca 203 &ndash 120 BC, Greek) was a Greek historian of the Hellenistic Period noted for his book called The Histories Commonwealth English! -->The military of ancient Rome relates to the combined military forces of Ancient Rome from the founding of the city Maniple (Latin manipulus) was a tactical unit of the Roman legion adopted from the Samnites during the Samnite Wars Tribune (from the Latin: tribunus; Byzantine Greek form τριβούνος) was a title shared by 2–3 elected magistracies in the All do the same until it reaches the first maniples, those encamped near the tents of the tribunes. These latter are obliged to deliver the tablet to the tribunes before dark. So that if all those issued are returned, the tribune knows that the watchword has been given to all the maniples, and has passed through all on its way back to him. If any one of them is missing, he makes inquiry at once, as he knows by the marks from what quarter the tablet has not returned, and whoever is responsible for the stoppage meets with the punishment he merits. ^[2]

Passwords have been used with computers since the earliest days of computing. MIT's CTSS, one of the first time sharing systems, was introduced in 1961. It had a LOGIN command that requested a user password. "After typing PASSWORD, the system turns off the printing mechanism, if possible, so that the user may type in his password with privacy. " ^[3] Robert Morris invented the idea of storing login passwords in a hashed form as part of the Unix operating system. Robert "Bob" H Morris is an American Cryptographer. He received a Bachelor's degree in Mathematics from Harvard University Unix (officially trademarked as UNIX, sometimes also written as Unix with Small caps) is a computer His algorithm, know as crypt(3), used a 12-bit salt and invoked a modified form of the DES algorithm 25 times to reduce the risk of dictionary attacks. In Unix computing crypt is the name of both a commonly available utility program and a C programming function In Cryptography, a salt comprises random Bits that are used as one of the inputs to a Key derivation function. The Data Encryption Standard ( DES) is a Cipher (a method for Encrypting information selected by NBS as an official Federal Information In Cryptanalysis and Computer security, a dictionary attack is a technique for defeating a Cipher or authentication mechanism by trying to determine its

See also

• Authentication
• Diceware
• Keyfile
• Passphrase
• Password manager
• Password policy
• Password strength
• Password length parameter
• Password cracking
• Password fatigue
• Password-authenticated key agreement
• Password notification e-mail
• Password synchronization
• Pre-shared key
• Random password generator
• Self-service password reset

References

1. ^ MySpace Passwords Aren't So Dumb
2. ^ Polybius on the Roman Military
3. ^ CTSS Programmers Guide, 2nd Ed. Authentication (from Greek αυθεντικός real or genuine from authentes author is the act of establishing or confirming something (or someone as Diceware is a method for creating Passphrases Passwords and other cryptographic variables using an ordinary dice as a Hardware random number generator A keyfile (or key-file) is a file on a computer which contains Encryption or license keys A passphrase is a sequence of words or other text used to control access to a computer system program or data A password manager is Software that helps a user organize Passwords and PIN codes A password policy is a set of rules designed to enhance Computer security by encouraging users to employ strong Passwords and use them properly Password strength is a measurement of the effectiveness of a Password as an Authentication credential In Telecommunication, a Password length parameter is a basic parameter which affects Password strength against Brute force attack and so is a Password cracking is the process of recovering Passwords from data that has been stored in or transmitted by a Computer system. Password fatigue describes the Syndrome where people are required to remember an excessive number of Passwords as part of their daily living In Cryptography, a password-authenticated key agreement method is an interactive method for two or more parties to establish cryptographic keys based on one or more party's knowledge Password notification e-mail is a common technique used by Websites If a user forgets their Password then a password notification E-mail is sent containing Password synchronization is defined as any process or technology thathelps users to maintain a single password that is subject to a singlesecurity policy and changes on a single schedule In Cryptography, a pre-shared key or PSK is a Shared secret which was previously shared between the two parties using some Secure channel before A random password generator is software program or hardware device that takes input from a Random or Pseudo-random number generator and automatically Self-service password reset is defined as any process or technology that allows users who have either forgotten their Password or triggered an intruder lockout to authenticate , 1965

External links

• Large collection of statistics about passwords
• Graphical Passwords: A Survey
• PassClicks
• PassImages
• Links for password-based cryptography
• Password, Encyclopedia of Risks and Threats, MySecureCyberspace
• Procedural Advice for Organisations and Administrators
• Memorability and Security of Passwords - Cambridge University Computer Laboratory study of password memorability vs. MySecureCyberspace is an initiative by Carnegie Mellon CyLab and Carnegie Mellon's Information Networking Institute to educate the public about Computer security security.