Password
A password is a secret word or string of characters that is used for authentication, to prove identity or gain access to a resource (example: an access code is a type of password). The password should be kept secret from those not allowed access.

The use of passwords is known to be ancient. Sentries would challenge those wishing to enter an area or approaching it to supply a password or watchword. Sentries would only allow a person or group to pass if they knew the password. In modern times, user names and passwords are commonly used by people during a login process that controls access to protected computer operating systems, mobile phones, cable TV decoders, automated teller machines (ATMs), etc. A typical computer user may require passwords for many purposes: logging in to computer accounts, retrieving e-mail from servers, accessing programs, databases, networks, web sites, and even reading the morning newspaper online.

Despite the name, there is no need for passwords to be actual words; indeed passwords which are not actual words may be harder to guess, a desirable property. Some passwords are formed from multiple words and may more accurately be called a passphrase. The term passcode is sometimes used when the secret information is purely numeric, such as the personal identification number (PIN) commonly used for ATM access. Passwords are generally short enough to be easily memorized and typed.

For the purposes of more compellingly authenticating the identity of one computing device to another, passwords have significant disadvantages (they may be stolen, spoofed, forgotten, etc.) compared with authentication systems relying on cryptographic protocols, which are more difficult to circumvent.

Memorization and guessing

The easier a password is for its owner to remember, the easier it generally is for an attacker to guess. Passwords which are difficult to remember reduce the security of a system because (a) users may need to write down or electronically store the password, (b) users will need frequent password resets and (c) users are more likely to re-use the same password. Similarly, the more stringent the requirements for password strength, e.g. "have a mix of uppercase and lowercase letters and digits" or "change it monthly", the greater the degree to which users will subvert the system.

In The Memorability and Security of Passwords, Jeff Yan et al. examine the effect of advice given to users about a good choice of password. They found that passwords based on thinking of a phrase and taking the first letter of each word are just as memorable as naively selected passwords, and just as hard to crack as randomly generated passwords. Combining two unrelated words is another good method. Having a personally designed "algorithm" for generating obscure passwords is another good method.

However, asking users to remember a password consisting of a "mix of uppercase and lowercase characters" is similar to asking them to remember a sequence of bits: hard to remember, and only a little harder to crack (e.g. only 128 times harder for 7-letter passwords, since each of the seven letters either is or is not capitalised and 2^7 = 128; far less if the user simply capitalises one letter, typically the first). Asking users to use "both letters and digits" will often lead to easy-to-guess substitutions such as 'E' --> '3' and 'I' --> '1', substitutions which are well known to attackers and built into the rule sets of cracking tools. Similarly, typing the password one keyboard row higher is a common trick known to attackers.

Factors in the security of a password system

The security of a password-protected system depends on several factors. The overall system must, of course, be designed for sound security, with protection against computer viruses, man-in-the-middle attacks and the like. Physical security issues are also a concern, from deterring shoulder surfing to more sophisticated physical threats such as video cameras and keyboard sniffers. And, of course, passwords should be chosen so that they are hard for an attacker to guess and hard for an attacker to discover using any (and all) of the available automatic attack schemes. See password strength, computer security, and computer insecurity.

Nowadays it is a common practice for computer systems to hide passwords as they are typed. The purpose of this measure is to avoid bystanders reading the password. However, some argue that this practice may lead to mistakes and stress, encouraging users to choose weak passwords. As an alternative, users should have the option to show or hide passwords as they type them.

Effective access control provisions may force extreme measures on criminals seeking to acquire a password or biometric token. Less extreme measures include extortion, rubber hose cryptanalysis (coercing the holder into revealing the secret), and side channel attacks.

Here are some specific password management issues that must be considered in thinking about, choosing, and handling, a password.

Rate at which an attacker can try guessed passwords

The rate at which an attacker can submit guessed passwords to the system is a key factor in determining system security. Some systems impose a time-out of several seconds after a small number (e.g., three) of failed password entry attempts. In the absence of other vulnerabilities, such systems can be effectively secure with relatively simple passwords, if they have been well chosen and are not easily guessed.
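The following Python code, added here as an illustration and not part of the original article, implements such a policy (a small number of failures, then a lock of several seconds) with an injectable clock, and works out the worst-case online guess rate the policy leaves an attacker. The account name, password and lockout parameters are assumed for the example.

```python
import hmac
import time
from collections import defaultdict


class FailureThrottle:
    """Lock an account for `lockout_seconds` once `max_failures` consecutive
    attempts have failed. The clock is injectable so the policy can be
    exercised without sleeping."""

    def __init__(self, max_failures=3, lockout_seconds=30, clock=time.monotonic):
        self.max_failures = max_failures
        self.lockout_seconds = lockout_seconds
        self.clock = clock
        self._failures = defaultdict(int)
        self._locked_until = {}

    def is_locked(self, account):
        until = self._locked_until.get(account)
        if until is None:
            return False
        if self.clock() >= until:          # lock has expired: start a fresh window
            del self._locked_until[account]
            self._failures[account] = 0
            return False
        return True

    def record_failure(self, account):
        self._failures[account] += 1
        if self._failures[account] >= self.max_failures:
            self._locked_until[account] = self.clock() + self.lockout_seconds

    def record_success(self, account):
        self._failures[account] = 0
        self._locked_until.pop(account, None)


def attempt_login(throttle, account, supplied, real_password):
    """Returns 'locked', 'ok' or 'bad'. The lock is checked before the
    password is compared, so a locked-out caller learns nothing about it."""
    if throttle.is_locked(account):
        return "locked"
    if hmac.compare_digest(supplied.encode(), real_password.encode()):
        throttle.record_success(account)
        return "ok"
    throttle.record_failure(account)
    return "bad"


def max_guesses_per_day(max_failures, lockout_seconds):
    """Approximate worst-case online guess rate against one account under this
    policy: `max_failures` guesses, then a forced wait of `lockout_seconds`."""
    return 86400 * max_failures / lockout_seconds


def days_to_exhaust(keyspace, max_failures, lockout_seconds):
    """Time to try every password in a space of `keyspace` candidates."""
    return keyspace / max_guesses_per_day(max_failures, lockout_seconds)


if __name__ == "__main__":
    print("guesses/day:", max_guesses_per_day(3, 30))
    print("4-digit PIN exhausted in days:", days_to_exhaust(10 ** 4, 3, 30))
    print("6 lowercase letters exhausted in days:", days_to_exhaust(26 ** 6, 3, 30))
```

With three guesses per 30-second lock an attacker gets about 8,640 guesses a day against one account: a four-digit PIN falls in roughly a day, while six lowercase letters take on the order of a century. Two caveats a practitioner would add: the throttle is per account, so an attacker who tries one common password against many accounts is not slowed by it, and it does nothing once the attacker has a copy of the stored hashes, which is the off-line case discussed next.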

Many systems store or transmit a cryptographic hash of the password in a manner that makes the hash value accessible to an attacker. When this is done, and it is very common, an attacker can work off-line, rapidly testing candidate passwords against the true password's hash value. Passwords that are used to generate cryptographic keys (e.g., for disk encryption or Wi-Fi security) can also be subjected to high rate guessing, since the attacker needs only a captured ciphertext or handshake and never has to interact with a system that could enforce a rate limit. Lists of common passwords are widely available and can make password attacks very efficient. (See Password cracking.) Security in such situations depends on using passwords or passphrases of adequate complexity, making such an attack computationally infeasible for the attacker. Some systems, such as PGP and Wi-Fi WPA, apply a computation-intensive hash to the password to slow such attacks (WPA, for example, derives its pre-shared key with PBKDF2 over 4096 iterations of HMAC-SHA1). See key stretching.

Form of stored passwords

Some computer systems store user passwords as cleartext, against which to compare user log on attempts. If an attacker gains access to such an internal password store, all passwords—and so all user accounts—will be compromised. If some users employ the same password for accounts on different systems, those will be compromised as well.

More secure systems store each password in a cryptographically protected form, so access to the actual password will still be difficult for a snooper who gains internal access to the system, while validation of user access attempts remains possible.

A common approach stores only a "hashed" form of the plaintext password. When a user types in a password on such a system, the password handling software runs it through a cryptographic hash algorithm, and if the hash value generated from the user's entry matches the hash stored in the password database, the user is permitted access. The hash value is created by applying a hash function (for maximum resistance to attack this should be a cryptographic hash function) to a string consisting of the submitted password and, usually, another value known as a salt. The salt prevents attackers from easily building a list of hash values for common passwords, and ensures that two users with the same password get different stored values. MD5 and SHA1 have frequently been used for this purpose; both, however, are fast general-purpose hashes (and both are now considered broken with respect to collision resistance), so on their own they do little to slow an attacker who has obtained the stored values. A deliberately slow, purpose-built password hash (see key stretching) is preferable.

A modified version of the DES algorithm was used for this purpose in early Unix systems. The Unix crypt function iterated DES 25 times to make the hash equivalent slow, further frustrating automated guessing attacks, and used the password candidate as the key to encrypt a fixed value rather than encrypting the password itself; a 12-bit salt also perturbed the cipher's expansion step, so that off-the-shelf DES hardware could not be turned directly against the password file. More recent Unix or Unix-like systems (e.g., Linux or the various BSD systems) use what most believe to be still more effective protective mechanisms based on MD5, SHA1, Blowfish (bcrypt), Twofish, or any of several other algorithms to prevent or frustrate attacks on stored password files.

If the hash function is well designed, it will be computationally infeasible to reverse it to directly find a plaintext password. However, many systems do not protect their hashed passwords adequately, and if an attacker can gain access to the hashed values he can use widely available tools which hash every word from some list, such as a dictionary (many are available on the Internet), and compare the results against the stolen values. Large lists of possible passwords in many languages are widely available on the Internet, as are software programs to try common variations. The existence of these dictionary attack tools constrains user password choices which are intended to resist easy attacks; they must not be findable on such lists. Obviously, words on such lists should be avoided as passwords. Use of a key stretching hash such as PBKDF2, which makes each guess deliberately expensive, is designed to reduce this risk.
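An added worked example (not from the original article) in Python contrasting the two storage forms discussed in this section and under key stretching above: an unsalted fast hash, which one precomputed table cracks for every user at once, and a salted, iterated PBKDF2 record, which forces the attacker to pay the full work factor for every guess against every user separately. The record format, iteration count and sample passwords are constructed for the example.

```python
import hashlib
import hmac
import os

# Work factor is a tunable; current guidance for PBKDF2-HMAC-SHA256 is in the
# hundreds of thousands of iterations. Raise it as hardware gets faster.
ITERATIONS = 200_000


def unsalted_md5(password):
    """The legacy form the text warns about: no salt, one fast hash."""
    return hashlib.md5(password.encode()).hexdigest()


def make_record(password, iterations=ITERATIONS):
    """Salted, stretched record in a self-describing string (constructed
    format): algorithm, work factor and salt travel with the digest so the
    work factor can be raised later without knowing the password."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${digest.hex()}"


def verify(password, record):
    algo, iters, salt_hex, digest_hex = record.split("$")
    if algo != "pbkdf2_sha256":
        raise ValueError("unknown record format")
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(),
                                 bytes.fromhex(salt_hex), int(iters))
    # Constant-time comparison: the verifier must not leak how many bytes matched.
    return hmac.compare_digest(digest, bytes.fromhex(digest_hex))


def md5_table_attack(user_hashes, wordlist):
    """Unsalted hashes: hash the wordlist once, then recover every user whose
    password is on it with a dictionary lookup. Cost is independent of the
    number of users."""
    table = {unsalted_md5(w): w for w in wordlist}
    return {user: table[h] for user, h in user_hashes.items() if h in table}


def dictionary_attack(record, wordlist):
    """Salted, stretched record: every guess costs the full work factor and
    nothing is shared between users. The password still falls if the user
    picked one that is on the list, which is why choice still matters."""
    for w in wordlist:
        if verify(w, record):
            return w
    return None


if __name__ == "__main__":
    # Constructed sample password store.
    users = {"alice": unsalted_md5("password"), "bob": unsalted_md5("letmein"),
             "carol": unsalted_md5("zq9!vx")}
    print("md5 table attack:", md5_table_attack(users, ["123456", "password", "letmein"]))
    rec = make_record("letmein")
    print("salted record:", rec)
    print("dictionary attack on it:", dictionary_attack(rec, ["123456", "password", "letmein"]))
```

Against the unsalted store the attacker hashes the wordlist once and reads every user's password off the table; against the salted records each user, and each guess, costs a full PBKDF2 evaluation, and the same wordlist that cracks "letmein" in a few hundred evaluations gets nowhere against a password that is not on it.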

A poorly designed hash function can make attacks feasible even if a strong password is chosen. See LM hash for a widely deployed, and insecure, example: it converts the password to upper case and hashes each 7-character half independently and without salt, so a 14-character password costs an attacker little more than two 7-character ones.

Methods of verifying a password over a network

Various methods have been used to verify submitted passwords in a network setting:

Simple transmission of the password

Passwords are vulnerable to interception (i.e., "snooping") while being transmitted to the authenticating machine or person. If the password is carried as electrical signals on unsecured physical wiring between the user access point and the central system controlling the password database, it is subject to snooping by wiretapping methods. If it is carried as packetized data over the Internet, anyone able to watch the packets containing the logon information can snoop with a very low probability of detection.

Email is sometimes used to distribute passwords. Since most email is sent as cleartext, it is available without effort during transport to any eavesdropper. Further, the email will be stored on at least two computers as cleartext—the sender's and the recipient's. If it passes through intermediate systems during its travels, it will probably be stored on those as well, at least for some time. Attempts to delete an email from all these vulnerabilities may, or may not, succeed; backups or history files or caches on any of several systems may still contain the email. Indeed merely identifying every one of those systems may be difficult. Emailed passwords are generally an insecure method of distribution.

An example of cleartext transmission of passwords is the original Wikipedia website. When you logged into your Wikipedia account, your username and password were sent from your computer's browser through the Internet as cleartext. In principle, anyone able to read them in transit could thereafter log into your account as you; Wikipedia's servers have no way of distinguishing such an attacker from you. In practice, an unknowably large number of parties could do so (e.g., employees at your Internet Service Provider, or at any of the systems through which the traffic passes). More recently, Wikipedia has offered a secure login option, which, like many e-commerce sites, uses the SSL/TLS cryptographic protocol to eliminate the cleartext transmission. But, because anyone can gain access to Wikipedia (without logging in at all), and then edit essentially all articles, it can be argued that there is little need to encrypt these transmissions as there is little being protected. Other websites (e.g., banks and financial institutions) have quite different security requirements, and cleartext transmission of anything is clearly insecure in those contexts.

Encrypting the connection between the mail server and the client (e.g., TLS on the connection used to fetch or submit mail) protects only that hop. Previous or subsequent relays of the email will not be protected, and the email will probably be stored on multiple computers, certainly on the originating and receiving computers, most often in cleartext.

Transmission through encrypted channels

The risk of interception of passwords sent over the Internet can be reduced by, among other approaches, using cryptographic protection. The most widely used is the Transport Layer Security (TLS, previously called SSL) feature built into most current Internet browsers. Most browsers alert the user of a TLS/SSL protected exchange with a server by displaying a closed lock icon, or some other sign, when TLS is in use. There are several other techniques in use; see cryptography.

Hash-based challenge-response methods

Unfortunately, there is a conflict between stored hashed passwords and hash-based challenge-response authentication; the latter requires a client to prove to a server that it knows the shared secret (i.e., the password), and to do this, the server must be able to obtain the shared secret from its stored form. On many systems (including Unix-type systems) doing remote authentication, the shared secret usually becomes the hashed form, which has the serious limitation of exposing passwords to offline guessing attacks by anyone who records an exchange. In addition, when the hash is used as a shared secret, an attacker does not need the original password to authenticate remotely; he only needs the hash.
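An added Python illustration (not part of the original article) of the conflict described above: a challenge-response scheme whose shared secret is the stored password hash. Both of the consequences named in the text are shown: the stolen hash answers a fresh challenge without the password, and a recorded exchange can be attacked offline. The hash construction and message formats are assumed for the example and are not a specific real protocol.

```python
import hashlib
import hmac
import os


def stored_verifier(password):
    """What the server keeps: a plain hash of the password, as on the systems
    the text describes (no salt, so the client can recompute it)."""
    return hashlib.sha256(password.encode()).digest()


def make_challenge():
    """A fresh random nonce per login; stops simple replay of an old response."""
    return os.urandom(16)


def client_response(password, challenge):
    """Honest client: derive the hash from the typed password and key an HMAC
    over the server's challenge with it."""
    return hmac.new(stored_verifier(password), challenge, hashlib.sha256).digest()


def server_check(verifier, challenge, response):
    """Server side: it can only recompute the response from the stored hash,
    which is exactly why that hash has to be the shared secret."""
    expected = hmac.new(verifier, challenge, hashlib.sha256).digest()
    return hmac.compare_digest(expected, response)


def pass_the_hash(stolen_verifier, challenge):
    """Attacker who copied the password database: the stored hash is the
    shared secret, so it answers any challenge without the password."""
    return hmac.new(stolen_verifier, challenge, hashlib.sha256).digest()


def offline_guess(challenge, response, wordlist):
    """Eavesdropper who recorded one exchange: test candidates at full speed
    with no further contact with the server and no rate limit."""
    for guess in wordlist:
        if hmac.compare_digest(client_response(guess, challenge), response):
            return guess
    return None


if __name__ == "__main__":
    db = {"alice": stored_verifier("hunter2")}      # constructed password store
    c = make_challenge()
    r = client_response("hunter2", c)
    print("honest login:", server_check(db["alice"], c, r))
    print("pass-the-hash with stolen verifier:",
          server_check(db["alice"], c, pass_the_hash(db["alice"], c)))
    print("offline guess from recorded exchange:",
          offline_guess(c, r, ["123456", "password", "hunter2"]))
```

The nonce defeats replay of an old response, but nothing here protects the hash itself: whoever holds the server's table holds every user's credential, and whoever recorded one exchange can guess at it offline. The augmented password-authenticated key agreement methods described next are designed so that the stored value is not sufficient to log in.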

Zero-knowledge password proofs

Rather than transmitting a password, or transmitting the hash of the password, password-authenticated key agreement
Password-authenticated key agreement
In cryptography, a password-authenticated key agreement method is an interactive method for two or more parties to establish cryptographic keys based on one or more party's knowledge of a password.-Types:...

 systems can perform a zero-knowledge password proof
Zero-knowledge password proof
In cryptography, a zero-knowledge password proof is an interactive method for one party to prove to another party that it knows a value of a password, without revealing anything other than the fact that it knows that password to the verifier...

, which proves knowledge of the password without exposing it.

Moving a step further, augmented systems for password-authenticated key agreement (e.g., AMP, B-SPEKE, PAK-Z, SRP-6) avoid both the conflict and the limitation of hash-based methods. An augmented system allows a client to prove knowledge of the password to a server that stores only a verifier derived from the password (not simply a hash of it), so that possession of the stored verifier alone is not enough to gain access; the password itself is required.

Procedures for changing passwords

Usually, a system must provide a way to change a password, either because a user believes the current password has been (or might have been) compromised, or as a precautionary measure. If a new password is passed to the system in unencrypted form, security can be lost (e.g., via wiretapping) before the new password is even installed in the password database. And, of course, if the new password is given to a compromised employee, little is gained. Some web sites include the user-selected password in an unencrypted confirmation e-mail message, with the obvious increased vulnerability.

Identity management systems are increasingly used to automate issuance of replacements for lost passwords, a feature called self service password reset. The user's identity is verified by asking questions and comparing the answers to ones previously stored (i.e., when the account was opened).

Password longevity

"Password aging" is a feature of some operating systems which forces users to change passwords frequently (e.g., quarterly, monthly or even more often). Such policies usually provoke user protest and foot-dragging at best and hostility at worst. There is often an increase in the number of people who note down the password and leave it where it can easily be found, as well as in helpdesk calls to reset a forgotten password. Users may use simpler passwords or develop variation patterns on a consistent theme to keep their passwords memorable. Because of these issues, there is some debate as to whether password aging is effective. The intended benefit is mainly that a stolen password will be made ineffective if it is reset; however, in many cases, particularly with administrative or "root" accounts, once an attacker has gained access, he can make alterations to the operating system that will allow him future access even after the initial password he used expires (see rootkit). The other, less frequently cited and possibly more valid, reason is that in the event of a long brute force attack, the password will be invalid by the time it has been cracked. Specifically, in an environment where it is considered important to know the probability of a fraudulent login in order to accept the risk, one can ensure that the total number of possible passwords multiplied by the time taken to try each one (assuming the greatest conceivable computing resources) is much greater than the password lifetime. However, there is no documented evidence that the policy of requiring periodic changes in passwords increases system security.
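The calculation in the previous paragraph, carried through as an added example (not code from the original page): the functions take a character-set size, password length, attacker guess rate and password lifetime, all of which are assumed inputs, and report the margin between exhaustive search time and lifetime that the argument requires to be "much greater" than 1.

```python
import math

# Added example (not code from the page). It carries through the page's
# argument that password aging only helps if the total number of possible
# passwords multiplied by the time per guess is much greater than the
# password lifetime. Parameters below are assumptions: an attacker trying
# guesses at a fixed rate against passwords chosen uniformly at random from
# a character set of a given size and a fixed length.


def keyspace(charset_size: int, length: int) -> int:
    """Number of distinct passwords of exactly `length` characters."""
    return charset_size ** length


def exhaustive_search_seconds(charset_size: int, length: int,
                              guesses_per_second: float) -> float:
    """Time to try every password: keyspace multiplied by the time per guess."""
    return keyspace(charset_size, length) / guesses_per_second


def aging_margin(charset_size: int, length: int, guesses_per_second: float,
                 lifetime_seconds: float) -> float:
    """Exhaustive-search time divided by the password lifetime.

    This is the ratio the page's rule of thumb asks to be 'much greater'
    than 1; below 1 the whole keyspace can be covered before the password
    is retired, so forced rotation buys nothing against that attacker.
    """
    return exhaustive_search_seconds(charset_size, length,
                                     guesses_per_second) / lifetime_seconds


def probability_guessed_within(charset_size: int, length: int,
                               guesses_per_second: float,
                               lifetime_seconds: float) -> float:
    """Chance a uniformly random password is found before it expires.

    Assumes the attacker never repeats a guess, so the probability is the
    number of guesses made during the lifetime over the keyspace, capped at 1.
    """
    tried = guesses_per_second * lifetime_seconds
    return min(1.0, tried / keyspace(charset_size, length))


def min_length_for_margin(charset_size: int, guesses_per_second: float,
                          lifetime_seconds: float, margin: float) -> int:
    """Smallest length at which aging_margin() reaches `margin`.

    Uses integer arithmetic rather than logarithms so rounding cannot
    return a length that is one character short.
    """
    required = math.ceil(margin * guesses_per_second * lifetime_seconds)
    length = 1
    while keyspace(charset_size, length) < required:
        length += 1
    return length


if __name__ == "__main__":
    # Constructed scenario: the page's figure of 200,000 guesses per second
    # (a 2006 toolkit) against a quarterly (90-day) rotation policy.
    rate, quarter = 200_000, 90 * 24 * 3600
    for label, charset, length in (("8 lowercase letters", 26, 8),
                                   ("8 printable ASCII", 95, 8)):
        print(f"{label}: margin {aging_margin(charset, length, rate, quarter):.4g}, "
              f"p(guessed within lifetime) "
              f"{probability_guessed_within(charset, length, rate, quarter):.3g}")
    print("lowercase length for margin 1000:",
          min_length_for_margin(26, rate, quarter, 1000))
```

With the page's 200,000 guesses per second and a 90-day lifetime, an 8-letter lowercase password has a margin below 1 (the keyspace is exhausted well inside one rotation period), while 8 printable-ASCII characters give a margin of roughly four thousand.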

Password aging may be required because of the nature of the IT systems the password allows access to; if personal data is involved, the EU Data Protection Directive is in force. Implementing such a policy, however, requires careful consideration of the relevant human factors. Humans memorize by association, so it is impossible to simply replace one memory with another. Two psychological phenomena interfere with password substitution. "Primacy" describes the tendency for an earlier memory to be retained more strongly than a later one. "Interference" is the tendency of two memories with the same association to conflict. Because of these effects, most users must resort to a simple password containing a number that can be incremented each time the password is changed.

Number of users per password

Sometimes a single password controls access to a device, for example, for a network router, or password-protected mobile phone. However, in the case of a computer system, a password is usually stored for each user account, thus making all access traceable (save, of course, in the case of users sharing passwords).
A would-be user on most systems must supply a username as well as a password, almost always at account set-up time, and periodically thereafter. If the user supplies a password matching the one stored for the supplied username, he or she is permitted further access into the computer system. This is also the case for a cash machine, except that the 'user name' is typically the account number stored on the bank customer's card, and the PIN is usually quite short (4 to 6 digits).

Allotting separate passwords to each user of a system is preferable to having a single password shared by legitimate users of the system, certainly from a security viewpoint. This is partly because users are more willing to tell another person (who may not be authorized) a shared password than one exclusively for their use. Single passwords are also much less convenient to change because many people need to be told at the same time, and they make removal of a particular user's access more difficult, as for instance on graduation or resignation. Per-user passwords are also essential if users are to be held accountable for their activities, such as making financial transactions or viewing medical records.

Password security architecture

Common techniques used to improve the security of computer systems protected by a password include:
  • Not displaying the password on the display screen as it is being entered or obscuring it as it is typed by using asterisks (*) or bullets (•).
  • Allowing passwords of adequate length. (Some legacy operating systems, including early versions of Unix and Windows, limited passwords to an 8 character maximum, reducing security.)
  • Requiring users to re-enter their password after a period of inactivity (a semi log-off policy).
  • Enforcing a password policy to increase password strength and security.
    • Requiring periodic password changes.
    • Assigning randomly chosen passwords.
    • Requiring minimum password lengths.
    • Some systems require characters from various character classes in a password—for example, "must have at least one uppercase and at least one lowercase letter". However, all-lowercase passwords are more secure per keystroke than mixed capitalization passwords.
    • Providing an alternative to keyboard entry (e.g., spoken passwords, or biometric passwords).
    • Requiring more than one authentication system, such as 2-factor authentication (something you have and something you know).
  • Using encrypted tunnels or password-authenticated key agreement to prevent access to transmitted passwords via network attacks.
  • Limiting the number of allowed failures within a given time period (to prevent repeated password guessing). After the limit is reached, further attempts will fail (including correct password attempts) until the beginning of the next time period. However, this is vulnerable to a form of denial-of-service attack.
  • Introducing a delay between password submission attempts to slow down automated password guessing programs.
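The last two items in the list side by side, as an added illustration that is not code from the original page: a per-account failure limit within a time window, and a per-source delay that grows with each failure. The thresholds, the address strings and the injectable clock are assumptions chosen so the lockout's denial-of-service exposure can be exercised offline.

```python
import time
from collections import defaultdict, deque
from typing import Callable, Deque, Dict


class LoginThrottle:
    """Per-account failure limit in a sliding window plus a per-source delay.

    Constructed example, not code from the page. Two controls are modelled:
      * lockout: once an account has `max_failures` failed attempts within
        `window_seconds`, every further attempt for that account is refused,
        correct password included, until old failures age out of the window.
        Because it is keyed on the account, anyone who can submit wrong
        passwords can keep the legitimate user out (the denial-of-service
        exposure the list mentions).
      * delay: each failure from a source address doubles the wait that
        source must observe before its next attempt, which slows automated
        guessing without touching the legitimate user's account.
    `clock` is injectable so behaviour can be tested with a fake clock.
    """

    def __init__(self, max_failures: int = 5, window_seconds: float = 900,
                 base_delay: float = 1.0, max_delay: float = 60.0,
                 clock: Callable[[], float] = time.monotonic) -> None:
        self.max_failures = max_failures
        self.window = window_seconds
        self.base_delay = base_delay
        self.max_delay = max_delay
        self.clock = clock
        self._account_failures: Dict[str, Deque[float]] = defaultdict(deque)
        self._source_failures: Dict[str, int] = defaultdict(int)
        self._source_next_allowed: Dict[str, float] = {}

    def _recent_failures(self, account: str, now: float) -> Deque[float]:
        """Drop failure timestamps older than the window and return the rest."""
        q = self._account_failures[account]
        while q and now - q[0] >= self.window:
            q.popleft()
        return q

    def account_locked(self, account: str) -> bool:
        return len(self._recent_failures(account, self.clock())) >= self.max_failures

    def source_wait(self, source: str) -> float:
        """Seconds the source must still wait; 0 if it may attempt now."""
        return max(0.0, self._source_next_allowed.get(source, 0.0) - self.clock())

    def attempt(self, account: str, source: str, password_ok: bool) -> str:
        """Outcome of one login attempt: ok, denied, too_fast or locked."""
        now = self.clock()
        if self.account_locked(account):
            return "locked"          # refused even when password_ok is True
        if self.source_wait(source) > 0:
            return "too_fast"        # not counted as a failure, just refused
        if password_ok:
            self._source_failures[source] = 0
            return "ok"
        self._account_failures[account].append(now)
        n = self._source_failures[source] + 1
        self._source_failures[source] = n
        delay = min(self.max_delay, self.base_delay * 2 ** (n - 1))
        self._source_next_allowed[source] = now + delay
        return "denied"


class FakeClock:
    """Manually advanced clock for offline demonstration and tests."""

    def __init__(self) -> None:
        self.t = 0.0

    def __call__(self) -> float:
        return self.t


if __name__ == "__main__":
    clk = FakeClock()
    th = LoginThrottle(max_failures=3, window_seconds=60, clock=clk)
    # Constructed addresses: a guessing source and the real user's machine.
    for t in (0, 2, 5):
        clk.t = t
        print(t, th.attempt("alice", "203.0.113.9", False))
    clk.t = 6
    print(6, "real user:", th.attempt("alice", "198.51.100.4", True))  # locked
    clk.t = 61
    print(61, "real user:", th.attempt("alice", "198.51.100.4", True))  # ok
```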


Some of the more stringent policy enforcement measures can pose a risk of alienating users, possibly decreasing security as a result.

Writing down passwords on paper

Historically, many security experts asked people to memorize their passwords and "Never write down a password".
More recently, many security experts such as Bruce Schneier recommend that people use passwords that are too complicated to memorize, write them down on paper, and keep them in a wallet.

Password cracking

Attempting to crack passwords by trying as many possibilities as time and money permit is a brute force attack. A related method, rather more efficient in most cases, is a dictionary attack. In a dictionary attack, all words in one or more dictionaries are tested. Lists of common passwords are also typically tested.

Password strength is the likelihood that a password cannot be guessed or discovered, and varies with the attack algorithm used. Passwords easily discovered are termed weak or vulnerable; passwords very difficult or impossible to discover are considered strong. There are several programs available for password attack (or even auditing and recovery by systems personnel) such as L0phtCrack, John the Ripper, and Cain, some of which use password design vulnerabilities (as found in the Microsoft LANManager system) to increase efficiency. These programs are sometimes used by system administrators to detect weak passwords proposed by users.

Studies of production computer systems have consistently shown that a large fraction of all user-chosen passwords are readily guessed automatically. For example, Columbia University found 22% of user passwords could be recovered with little effort. According to Bruce Schneier, examining data from a 2006 phishing attack, 55% of MySpace passwords would be crackable in 8 hours using a commercially available Password Recovery Toolkit capable of testing 200,000 passwords per second in 2006. He also reported that the single most common password was password1, confirming yet again the general lack of informed care in choosing passwords among users. (He nevertheless maintained, based on these data, that the general quality of passwords has improved over the years—for example, average length was up to eight characters from under seven in previous surveys, and less than 4% were dictionary words.)

Incidents

  • On July 16, 1998, CERT reported an incident where an attacker had found 186,126 encrypted passwords. By the time the attacker was discovered, 47,642 of them had already been cracked.
  • In December 2009, a major password breach of the Rockyou.com website occurred that led to the release of 32 million passwords. The hacker then leaked the full list of the 32 million passwords (with no other identifiable information) to the internet. Passwords were stored in cleartext in the database and were extracted through a SQL injection vulnerability. The Imperva Application Defense Center (ADC) did an analysis on the strength of the passwords.
  • In June 2011, NATO (North Atlantic Treaty Organization) experienced a security breach that led to the public release of first and last names, usernames, and passwords for more than 11,000 registered users of their e-Bookshop. The data was leaked as part of Operation AntiSec, a movement that includes Anonymous, LulzSec, and other hacking groups and individuals. The aim of AntiSec is to expose personal, sensitive, and restricted information to the world, using any means necessary.
  • On July 11, 2011, Booz Allen Hamilton, a massive American consulting firm that does a substantial amount of work for the Pentagon, had its servers hacked by Anonymous and the data leaked the same day. "The leak, dubbed 'Military Meltdown Monday,' includes 90,000 logins of military personnel—including personnel from USCENTCOM, SOCOM, the Marine corps, various Air Force facilities, Homeland Security, State Department staff, and what looks like private sector contractors." These leaked passwords had been hashed with SHA-1, and were later cracked and analyzed by the ADC team at Imperva, revealing that even military personnel look for shortcuts and ways around the password requirements.
  • On July 18, 2011, Microsoft Hotmail banned the password: "123456."

Alternatives to passwords for authentication

The numerous ways in which permanent or semi-permanent passwords can be compromised have prompted the development of other techniques. Unfortunately, some are inadequate in practice, and in any case few have become universally available for users seeking a more secure alternative.
  • Single-use passwords. Having passwords which are only valid once makes many potential attacks ineffective. Most users find single-use passwords extremely inconvenient. They have, however, been widely implemented in personal online banking, where they are known as Transaction Authentication Numbers (TANs). As most home users only perform a small number of transactions each week, the single-use issue has not led to intolerable customer dissatisfaction in this case.
  • Time-synchronized one-time passwords are similar in some ways to single-use passwords, but the value to be entered is displayed on a small (generally pocketable) item and changes every minute or so.
  • PassWindow one-time passwords are used as single-use passwords, but the dynamic characters to be entered are visible only when a user superimposes a unique printed visual key over a server generated challenge image shown on the user's screen.
  • Access controls based on public key cryptography, e.g. ssh. The necessary keys are usually too large to memorize (but see proposal Passmaze) and must be stored on a local computer, security token or portable memory device, such as a USB flash drive or even a floppy disk.
  • Biometric methods promise authentication based on unalterable personal characteristics, but currently (2008) have high error rates and require additional hardware to scan, for example, fingerprints, irises, etc. They have proven easy to spoof in some famous incidents testing commercially available systems, for example, the gummy fingerprint spoof demonstration, and, because these characteristics are unalterable, they cannot be changed if compromised; this is a highly important consideration in access control as a compromised access token is necessarily insecure.
  • Single sign-on technology is claimed to eliminate the need for having multiple passwords. Such schemes do not relieve users and administrators from choosing reasonable single passwords, nor system designers or administrators from ensuring that private access control information passed among systems enabling single sign-on is secure against attack. As yet, no satisfactory standard has been developed.
  • Envaulting technology is a password-free way to secure data on e.g. removable storage devices such as USB flash drives. Instead of user passwords, access control is based on the user's access to a network resource.
  • Non-text-based passwords, such as graphical passwords or mouse-movement based passwords. Graphical passwords are an alternative means of authentication for log-in intended to be used in place of conventional passwords; they use images, graphics or colours instead of letters, digits or special characters. One system requires users to select a series of faces as a password, utilizing the human brain's ability to recall faces easily. In some implementations the user is required to pick from a series of images in the correct sequence in order to gain access. Another graphical password solution creates a one-time password using a randomly generated grid of images. Each time the user is required to authenticate, they look for the images that fit their pre-chosen categories and enter the randomly generated alphanumeric character that appears in each image to form the one-time password. So far, graphical passwords are promising, but are not widely used. Studies on this subject have been made to determine their usability in the real world. While some believe that graphical passwords would be harder to crack, others suggest that people will be just as likely to pick common images or sequences as they are to pick common passwords.
  • 2D Key (2-Dimensional Key) is a 2D matrix-like key input method with key styles such as multiline passphrase, crossword, and ASCII/Unicode art, with optional textual semantic noise, intended to create large passwords/keys beyond 128 bits. Its aim is to realize MePKC (Memorizable Public-Key Cryptography), which uses a fully memorizable private key, on top of current private key management technologies such as encrypted private keys, split private keys, and roaming private keys.
  • Cognitive passwords use question and answer cue/response pairs to verify identity.

Website password systems

Passwords are used on websites to authenticate users and are usually maintained on the Web server, meaning the browser on a remote system sends a password to the server (by HTTP POST), the server checks the password and sends back the relevant content (or an access denied message). This process eliminates the possibility of local reverse engineering as the code used to authenticate the password does not reside on the local machine.

Transmission of the password, via the browser, in plaintext means it can be intercepted along its journey to the server. Many web authentication systems use SSL to establish an encrypted session between the browser and the server, and this is usually the underlying meaning of claims to have a "secure Web site". This is done automatically by the browser and increases the integrity of the session, assuming neither end has been compromised and that the SSL/TLS implementations used are high quality ones.
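The server side of the exchange described above, as an added example that is not code from the original page or from any particular web framework: the POSTed form arrives over TLS, and the server checks it against a stored salted digest rather than a stored password. PBKDF2-HMAC-SHA256, the iteration count, the record layout and the handler names are assumptions, chosen as a modern stand-in for the salted-hash storage the History section attributes to crypt(3).

```python
import base64
import hashlib
import hmac
import os
from typing import Dict, Optional, Tuple

# Added example, not code from the page or any web framework. The server
# never stores the password itself, only a per-user random salt and a
# PBKDF2-HMAC-SHA256 digest of it; the iteration count is an assumption.
ITERATIONS = 100_000


def make_record(password: str, salt: Optional[bytes] = None,
                iterations: int = ITERATIONS) -> str:
    """Build the stored credential: algorithm, iterations, salt and digest."""
    salt = salt if salt is not None else os.urandom(16)   # fresh random salt per user
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return "$".join(("pbkdf2_sha256", str(iterations),
                     base64.b64encode(salt).decode(), base64.b64encode(digest).decode()))


def verify(record: str, candidate: str) -> bool:
    """Recompute the digest with the stored salt and compare in constant time."""
    try:
        algo, iterations, salt_b64, digest_b64 = record.split("$")
    except ValueError:
        return False                     # malformed record, never a match
    if algo != "pbkdf2_sha256":
        return False
    salt = base64.b64decode(salt_b64)
    expected = base64.b64decode(digest_b64)
    actual = hashlib.pbkdf2_hmac("sha256", candidate.encode("utf-8"), salt, int(iterations))
    return hmac.compare_digest(actual, expected)


# Record for a throwaway password, so that a login for an unknown user costs
# the same PBKDF2 work as a wrong password for a known one (no timing tell).
_DUMMY_RECORD = make_record("dummy-password-for-timing")


class CredentialStore:
    """In-memory user table holding only salted digests, never passwords."""

    def __init__(self) -> None:
        self._records: Dict[str, str] = {}

    def register(self, username: str, password: str) -> None:
        self._records[username] = make_record(password)

    def check(self, username: str, password: str) -> bool:
        record = self._records.get(username)
        if record is None:
            verify(_DUMMY_RECORD, password)   # equalise timing for unknown users
            return False
        return verify(record, password)


def handle_login_post(store: CredentialStore, form: Dict[str, str]) -> Tuple[int, str]:
    """Minimal handler for the POSTed login form: returns HTTP status and body."""
    username = form.get("username", "")
    password = form.get("password", "")
    if not username or not password:
        return 400, "missing credentials"
    if store.check(username, password):
        return 200, f"welcome, {username}"
    return 403, "access denied"   # same answer for unknown user and wrong password


if __name__ == "__main__":
    store = CredentialStore()
    store.register("alice", "correct horse battery staple")   # constructed sample user
    print(handle_login_post(store, {"username": "alice",
                                    "password": "correct horse battery staple"}))
    print(handle_login_post(store, {"username": "alice", "password": "password1"}))
```

Two users registering the same password get different records because each gets its own salt, so a leaked table cannot be attacked with one precomputed lookup across all users.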

History of passwords

Passwords or watchwords have been used since ancient times. Polybius describes the system for the distribution of watchwords in the Roman military as follows:

The way in which they secure the passing round of the watchword for the night is as follows: from the tenth maniple of each class of infantry and cavalry, the maniple which is encamped at the lower end of the street, a man is chosen who is relieved from guard duty, and he attends every day at sunset at the tent of the tribune, and receiving from him the watchword — that is a wooden tablet with the word inscribed on it — takes his leave, and on returning to his quarters passes on the watchword and tablet before witnesses to the commander of the next maniple, who in turn passes it to the one next him. All do the same until it reaches the first maniples, those encamped near the tents of the tribunes. These latter are obliged to deliver the tablet to the tribunes before dark. So that if all those issued are returned, the tribune knows that the watchword has been given to all the maniples, and has passed through all on its way back to him. If any one of them is missing, he makes inquiry at once, as he knows by the marks from what quarter the tablet has not returned, and whoever is responsible for the stoppage meets with the punishment he merits.


Passwords in military use evolved to include not just a password, but a password and a counterpassword; for example in the opening days of the Battle of Normandy, paratroopers of the U.S. 101st Airborne Division used a password — flash — which was presented as a challenge, and answered with the correct response — thunder. The challenge and response were changed every three days. American paratroopers also famously used a device known as a "cricket" on D-Day in place of a password system as a temporarily unique method of identification; one metallic click given by the device in lieu of a password was to be met by two clicks in reply.

Passwords have been used with computers since the earliest days of computing. MIT's CTSS, one of the first time-sharing systems, was introduced in 1961. It had a LOGIN command that requested a user password. "After typing PASSWORD, the system turns off the printing mechanism, if possible, so that the user may type in his password with privacy." In 1978, Robert Morris invented the idea of storing login passwords in a hashed form as part of the Unix operating system. His algorithm, known as crypt(3), used a 12-bit salt and invoked a modified form of the DES algorithm 25 times to reduce the risk of pre-computed dictionary attacks.
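The two design choices attributed to crypt(3) above, a 12-bit salt and 25 rounds of the cipher, each address a different cost for anyone holding a stolen password file. The following added example (written for this page, not crypt(3)'s own code) makes that concrete: SHA-256 is assumed as a stand-in for the modified DES, the 12-bit salt and 25 iterations are kept as the page gives them, and the five-word list is constructed. An unsalted table built from the word list answers a stolen hash in one lookup; the same table is useless against a salted hash, and a table that covers every salt must be 4096 times larger, with each entry costing 25 hash operations to compute.

```python
import hashlib
import hmac

SALT_BITS = 12     # crypt(3) used a 12-bit salt: 4096 possible salt values
ITERATIONS = 25    # crypt(3) applied its modified DES 25 times


def derive(password: bytes, salt: int, iterations: int = ITERATIONS) -> str:
    """Salted, iterated one-way function in the crypt(3) style.

    Assumption: SHA-256 stands in for the modified DES; the construction
    (salt prefix, fixed iteration count) is the point, not the primitive.
    Output is "sss$hex" where sss is the 12-bit salt as three hex digits.
    """
    if not 0 <= salt < (1 << SALT_BITS):
        raise ValueError("salt must fit in 12 bits")
    state = salt.to_bytes(2, "big") + password
    for _ in range(iterations):
        state = hashlib.sha256(state).digest()
    return f"{salt:03x}${state.hex()}"


def unsalted(password: bytes) -> str:
    """Plain single-round hash: the form a precomputed table defeats outright."""
    return hashlib.sha256(password).hexdigest()


def verify(password: bytes, stored: str) -> bool:
    """Check a candidate against a stored "salt$hash" value in constant time."""
    salt_hex, _ = stored.split("$", 1)
    return hmac.compare_digest(derive(password, int(salt_hex, 16)), stored)


# Constructed word list standing in for an attacker's dictionary.
WORDLIST = [b"password", b"letmein", b"thunder", b"flash", b"qwerty"]


def build_unsalted_table(words):
    """Precomputed table: hash -> word, one entry per word."""
    return {unsalted(w): w for w in words}


def build_salted_table(words, salts):
    """Precomputed table covering every (word, salt) pair: len(words) * len(salts) entries."""
    return {derive(w, s): w for w in words for s in salts}


def demo():
    """Return (unsalted hit, salted hit, unsalted size, salted size, full-table hit)."""
    secret = b"thunder"          # the password stored on the victim system
    salt = 0x5A3                 # constructed salt value

    plain_table = build_unsalted_table(WORDLIST)
    hit_unsalted = plain_table.get(unsalted(secret))        # found in one lookup

    stored = derive(secret, salt)
    hit_salted = plain_table.get(stored)                    # None: table has no salts

    # The attacker must instead precompute for all 4096 salts (and pay 25 rounds each).
    full_table = build_salted_table(WORDLIST, range(1 << SALT_BITS))
    hit_full = full_table.get(stored)                       # found, but at 4096x the cost

    return hit_unsalted, hit_salted, len(plain_table), len(full_table), hit_full


if __name__ == "__main__":
    print(demo())
```

The last step is the caveat a practitioner should keep in mind: a salt does not stop dictionary guessing, it only prevents one table from serving every victim and multiplies the precomputation by the number of possible salts; the iteration count is what raises the cost of each individual guess. A 12-bit salt and 25 rounds were a meaningful barrier for 1978 hardware and are not one today, which is why modern schemes use far longer salts and tunable work factors.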

See also

  • Access Code
  • Authentication
  • CAPTCHA
  • Diceware
  • Kerberos (protocol)
  • Keyfile
  • Passphrase
  • Password cracking
  • Password fatigue
  • Password length parameter
  • Password manager
  • Password notification e-mail
  • Password policy
  • Password psychology
  • Password strength
  • Password synchronization
  • Password-authenticated key agreement
  • Pre-shared key
  • Random password generator
  • Rainbow table
  • Self-service password reset
  • Shibboleth


The source of this article is wikipedia, the free encyclopedia.  The text of this article is licensed under the GFDL.