A
password is a common means of
access control. Typically this is for computer systems, which is the model we will discuss here. The 'user' who access is being controlled (all users in principle, though some users have special privileged access deliberately or accidentally on some systems) maybe a real human at a keyboard, or a process / program, on the local or some other computer system. The user is asked to supply some information (the password) as a credential. If the password given matches that the system has stored for that user, the user is permitted access by the computer system. Success implies that the user is 'authentic' in that only he (or it) should have knowledge of the password. Passwords are sometimes shared by a group who are intended to all have the same access to the computer system, but this is less sensible than individual passwords since the more people (or programs) which know a password the higher the chance that password will become known to others and since membership in such a group may not coincide with the existence of the group. Individual passwords allow Alice, who has left the group, to be removed from it, thus losing access to something which was ex officio her membership.
Examples include logons to computer systems such as e-mail servers, or a spy proving his identity to the U.N.C.L.E. security door with a code word, or a PIN at a keypad.
Despite the name, there is no need (unless a particular system requires it) for passwords to be real words, indeed they are frequently harder to steal or guess if they are not.
A passcode[?] is sometimes taken to imply that the information used is purely numeric, such as the PIN[?] commonly used for ATM access
Note that password is often used to describe what would be more accurately called a pass phrase.
The security of a password protected system against illegitimate access depends on several factors but they all relate to keeping the password completely secret.
- How often the password can be used to validate the user. If it is usable only once, many potential security exploits would be rendered ineffective.
- The underlying medium / method of passing the password from the user to the authenticator. If it is, in an extreme example, publication in a newspaper, the password will be entirely insecure. If it is your Student ID, or some other easily discovered information (eg, boyfriend's name), it will be likely insecure. If it is an entirely random collection of alphanumeric characters, it will be quite hard to discover without theft, extortion, or user mistake.
- See cryptography for ways in which the passing of information can be made more secure.
- snooper describes one type of attacker attempting to discover a password. 'Shoulder surfing' is a colorful phrase for one such technique. Burglary is another.
- What procedures the system provides for changing a compromised password after discovery of the compromise
- This would include active preemption measures such as automatic expiry of passwords in case a password is compromised without that user being aware of it. This annoys most user populations.
- How easily the password can be guessed / discovered by an attacker.
- Often the password must be entered by a human user, to allow easy recall of the password a 'meaningful' value is frequently chosen. Their year of birth, spouse's/child's/pet's or telephone / license plate number are all obvious choices to user and attacker alike.
- Conversely if the user selects a less obvious password then, to assist in remembering it, they may write it down somewhere (A Post It note[?] on their monitor being a strangely popular choice) thus compromising the security of the system.
- The process of obtaining passwords by manipulation of people is an example of social engineering. "Hi. Systems Control here. We're doing a security test. Can we have your password so we can proceed?"
- Whether or not the checking process in the computer system (the 'autheniticatior') actually knows the plaintext of the password.
- If the system stores every password in an encrypted form then access to the password is more secure against snooping within the system, whilst validation remains possible, thanks again to cryptography.
Despite encryption procedures providing increased security, they are not totally immune to attack. There exist tools which can determine some plaintext passwords given a copy of the encrypted ones. These dictionary attack tools thus demonstrate the relative strengths of different password choices, by comparing the encrypted outcome of every word (and many word variations) from some word collection (ie, a dictionary). This is an example of a brute force attack in which all possible (or in the case of a dictionary attack, a sizable subset of all), possible passwords are tried. A weak password would be one that was short or which could be rapidly guessed by searching a subset such as words in the dictionary, proper names, words based on the user name[?] or common variations on these themes. A strong password would be sufficiently long, random, or producable only by the user who chose it, that 'guessing' for it will require 'too long'. How long that is will vary with the attacker, with attacker resources, and with how important the password being sought is to the attacker.
It has been said that the ideal password should be "impossible to remember" and so unlikely to be guessable. Such passwords are stronger, but are often written down, thus violating another common advice, "never writte a password down anywhere". Requiring 'strong' passwords thus often causes the unintended consequence that many such passwords get written down, increasing the liklihood that they will be lost, snooped, copied, or otherwise compromised.
If even the smallest possibility exists that the password has become known to anyone other than those to whom it 'belongs', it should be considered compromised, and immediately changed. Human users commonly resist such measures.
Purely password based systems have many potential security flaws and exploits. Therefore many modern systems are including additional checks using systems based on biometric technology[?] or the use of smartcards[?]. In addition to what users must know to gain access (ie, a password), the user must have something (ie, a fingerprint, voiceprint, iris pattern, retinal pattern, ...), or must be able to do something (ie, perform some calculation using a smartcard). These are two-factor, or three-factor, or x-factor access control systems. They are not ideal either, and users typically don't like them.
No perfect access control system is known.
See also: social engineering, in the computing sense.