Password

"Password aging" is a feature of some operating systems which forces users to change passwords frequently (e.g., quarterly, monthly or even more often). Such policies usually provoke user protest and foot-dragging at best and hostility at worst. There is often an increase in the number of people who note down the password and leave it where it can easily be found, as well as help desk calls to reset a forgotten password. Users may use simpler passwords or develop variation patterns on a consistent theme to keep their passwords memorable. Because of these issues, there is some debate as to whether password aging is effective. Changing a password will not prevent abuse in most cases, since the abuse would often be immediately noticeable. However, if someone may have had access to the password through some means, such as sharing a computer or breaching a different site, changing the password limits the window for abuse.
and receiving from him the watchword—that is a wooden tablet with the word inscribed on it – takes his leave, and on returning to his quarters passes on the watchword and tablet before witnesses to the commander of the next maniple, who in turn passes it to the one next to him. All do the same until it reaches the first maniples, those encamped near the tents of the tribunes. These latter are obliged to deliver the tablet to the tribunes before dark. So that if all those issued are returned, the tribune knows that the watchword has been given to all the maniples, and has passed through all on its way back to him. If any one of them is missing, he makes inquiry at once, as he knows by the marks from what quarter the tablet has not returned, and whoever is responsible for the stoppage meets with the punishment he merits.
users and cyber-security experts. The NIST recommends people use longer phrases as passwords (and advises websites to raise the maximum password length) instead of hard-to-remember passwords with "illusory complexity" such as "pA55w+rd". A user prevented from using the password "password" may simply choose "Password1" if required to include a number and uppercase letter. Combined with forced periodic password changes, this can lead to passwords that are difficult to remember but easy to crack.
(2-Dimensional Key) is a 2D matrix-like key input method having the key styles of multiline passphrase, crossword, ASCII/Unicode art, with optional textual semantic noises, to create big password/key beyond 128 bits to realize the MePKC (Memorizable Public-Key Cryptography) using fully memorizable private key upon the current private key management technologies like encrypted private key, split private key, and roaming private key.
etc. They have proven easy to spoof in some famous incidents testing commercially available systems, for example, the gummie fingerprint spoof demonstration, and, because these characteristics are unalterable, they cannot be changed if compromised; this is a highly important consideration in access control as a compromised access token is necessarily insecure.
exclusively for their use. Single passwords are also much less convenient to change because many people need to be told at the same time, and they make removal of a particular user's access more difficult, as for instance on graduation or resignation. Separate logins are also often used for accountability, for example to know who changed a piece of data.
confirming yet again the general lack of informed care in choosing passwords among users. (He nevertheless maintained, based on these data, that the general quality of passwords has improved over the years—for example, average length was up to eight characters from under seven in previous surveys, and less than 4% were dictionary words.)
-type systems) doing remote authentication, the shared secret usually becomes the hashed form and has the serious limitation of exposing passwords to offline guessing attacks. In addition, when the hash is used as a shared secret, an attacker does not need the original password to authenticate remotely; they only need the hash.
passwords have proved so hard to supplant (despite numerous predictions that they would soon be a thing of the past); in examining thirty representative proposed replacements with respect to security, usability and deployability they conclude "none even retains the full set of benefits that legacy passwords already provide."
simply capitalises one of the letters). Asking users to use "both letters and digits" will often lead to easy-to-guess substitutions such as 'E' → '3' and 'I' → '1', substitutions that are well known to attackers. Similarly typing the password one keyboard row higher is a common trick known to attackers.
Jeff Yan et al. examine the effect of advice given to users about a good choice of password. They found that passwords based on thinking of a phrase and taking the first letter of each word are just as memorable as naively selected passwords, and just as hard to crack as randomly generated passwords.
website occurred that led to the release of 32 million passwords. The hacker then leaked the full list of the 32 million passwords (with no other identifiable information) to the Internet. Passwords were stored in cleartext in the database and were extracted through a SQL injection vulnerability. The
Paul Grassi, one of the 2017 NIST report's authors, further elaborated: "Everyone knows that an exclamation point is a 1, or an I, or the last character of a password. $ is an S or a 5. If we use these well-known tricks, we aren't fooling any adversary. We are simply fooling the database that stores
to guess. However, passwords that are difficult to remember may also reduce the security of a system because (a) users might need to write down or electronically store the password, (b) users will need frequent password resets and (c) users are more likely to re-use the same password across different
technology is claimed to eliminate the need for having multiple passwords. Such schemes do not relieve users and administrators from choosing reasonable single passwords, nor system designers or administrators from ensuring that private access control information passed among systems enabling single
that sets requirements for the composition and usage of passwords, typically dictating minimum length, required categories (e.g., upper and lower case, numbers, and special characters), prohibited elements (e.g., use of one's own name, date of birth, address, telephone number). Some governments have
More secure systems store each password in a cryptographically protected form, so access to the actual password will still be difficult for a snooper who gains internal access to the system, while validation of user access attempts remains possible. The most secure do not store passwords at all, but
password after a larger cumulative number of bad guesses (say 30), to prevent an attacker from making an arbitrarily large number of bad guesses by interspersing them between good guesses made by the legitimate password owner. Attackers may conversely use knowledge of this mitigation to implement a
However, in spite of these predictions and efforts to replace them, passwords are still the dominant form of authentication on the web. In "The Persistence of Passwords", Cormac Herley and Paul van Oorschot suggest that every effort should be made to end the "spectacularly incorrect assumption" that
Pieris Tsokkis and Eliana Stavrou were able to identify some bad password construction strategies through their research and development of a password generator tool. They came up with eight categories of password construction strategies based on exposed password lists, password cracking tools, and
Using client-side encryption will only protect transmission from the mail handling system server to the client machine. Previous or subsequent relays of the email will not be protected and the email will probably be stored on multiple computers, certainly on the originating and receiving computers,
algorithm used a 12-bit salt value so that each user's hash was unique and iterated the DES algorithm 25 times in order to make the hash function slower, both measures intended to frustrate automated guessing attacks. The user's password was used as a key to encrypt a fixed value. More recent Unix
password. An attacker can, however, use widely available tools to attempt to guess the passwords. These tools work by hashing possible passwords and comparing the result of each guess to the actual password hashes. If the attacker finds a match, they know that their guess is the actual password for
attacks (which are more efficient than cracking). If it is reversibly encrypted then if the attacker gets the decryption key along with the file no cracking is necessary, while if he fails to get the key cracking is not possible. Thus, of the common storage formats for passwords only when passwords
of the password. If an attacker gets access to the file of hashed passwords guessing can be done offline, rapidly testing candidate passwords against the true password's hash value. In the example of a web-server, an online attacker can guess only at the rate at which the server will respond, while
have rules that actually have the opposite effect on the security of their users. This includes complex composition rules as well as forced password changes after certain periods of time. While these rules have long been widespread, they have also long been seen as annoying and ineffective by both
and Cormac Herley, together with Paul C. van Oorschot of Carleton University, Canada, that password reuse is inevitable, and that users should reuse passwords for low-security websites (which contain little personal data and no financial information, for example) and instead focus their efforts on
Allotting separate passwords to each user of a system is preferable to having a single password shared by legitimate users of the system, certainly from a security viewpoint. This is partly because users are more willing to tell another person (who may not be authorized) a shared password than one
invented the now-common approach of storing only a "hashed" form of the plaintext password. When a user types in a password on such a system, the password handling software runs through a cryptographic hash algorithm, and if the hash value generated from the user's entry matches the hash stored in
using a randomly generated grid of images. Each time the user is required to authenticate, they look for the images that fit their pre-chosen categories and enter the randomly generated alphanumeric character that appears in the image to form the one-time password. So far, graphical passwords are
Multi-factor authentication schemes combine passwords (as "knowledge factors") with one or more other means of authentication, to make authentication more secure and less vulnerable to compromised passwords. For example, a simple two-factor login might send a text message, e-mail, automated phone
Following this, Bonneau et al. systematically compared web passwords to 35 competing authentication schemes in terms of their usability, deployability, and security. Their analysis shows that most schemes do better than passwords on security, some schemes do better and some worse with respect to
Passwords are vulnerable to interception (i.e., "snooping") while being transmitted to the authenticating machine or person. If the password is carried as electrical signals on unsecured physical wiring between the user access point and the central system controlling the password database, it is
However, asking users to remember a password consisting of a "mix of uppercase and lowercase characters" is similar to asking them to remember a sequence of bits: hard to remember, and only a little bit harder to crack (e.g. only 128 times harder to crack for 7-letter passwords, less if the user
scheme does worse than passwords on deployability. The authors conclude with the following observation: "Marginal gains are often not sufficient to reach the activation energy necessary to overcome significant transition costs, which may provide the best explanation of why we are likely to live
An alternative to limiting the rate at which an attacker can make guesses on a password is to limit the total number of guesses that can be made. The password can be disabled, requiring a reset, after a small number of consecutive bad guesses (say 5); and the user may be required to change the
To facilitate estate administration, it is helpful for people to provide a mechanism for their passwords to be communicated to the persons who will administer their affairs in the event of their death. Should a record of accounts and passwords be prepared, care must be taken to ensure that the
Nowadays, it is a common practice for computer systems to hide passwords as they are typed. The purpose of this measure is to prevent bystanders from reading the password; however, some argue that this practice may lead to mistakes and stress, encouraging users to choose weak passwords. As an
The numerous ways in which permanent or semi-permanent passwords can be compromised have prompted the development of other techniques. Some are inadequate in practice, and in any case few have become universally available for users seeking a more secure alternative. A 2012 paper examines why
The rate at which an attacker can submit guessed passwords to the system is a key factor in determining system security. Some systems impose a time-out of several seconds after a small number (e.g., three) of failed password entry attempts, also known as throttling. In the absence of other
Traditional advice to memorize passwords and never write them down has become a challenge because of the sheer number of passwords users of computers and the internet are expected to maintain. One survey concluded that the average user has around 100 passwords. To manage the proliferation of
Limiting the number of allowed failures within a given time period (to prevent repeated password guessing). After the limit is reached, further attempts will fail (including correct password attempts) until the beginning of the next time period. However, this is vulnerable to a form of
Despite its name, a password does not need to be an actual word; indeed, a non-word (in the dictionary sense) may be harder to guess, which is a desirable property of passwords. A memorized secret consisting of a sequence of words or other text separated by spaces is sometimes called a
in 1961, was the first computer system to implement password login. CTSS had a LOGIN command that requested a user password. "After typing PASSWORD, the system turns off the printing mechanism, if possible, so that the user may type in his password with privacy." In the early 1970s,
against which to compare user logon attempts. If an attacker gains access to such an internal password store, all passwords—and so all user accounts—will be compromised. If some users employ the same password for accounts on different systems, those will be compromised as well.
Usually, a system must provide a way to change a password, either because a user believes the current password has been (or might have been) compromised, or as a precautionary measure. If a new password is passed to the system in unencrypted form, security can be lost (e.g., via
accounts. Similarly, the more stringent the password requirements, such as "have a mix of uppercase and lowercase letters and digits" or "change it monthly", the greater the degree to which users will subvert the system. Others argue longer passwords provide more security (e.g.,
The main storage methods for passwords are plain text, hashed, hashed and salted, and reversibly encrypted. If an attacker gains access to the password file, then if it is stored as plain text, no cracking is necessary. If it is hashed but not salted then it is vulnerable to
Many websites enforce standard rules such as minimum and maximum length, but also frequently include composition rules such as featuring at least one capital letter and at least one number/symbol. These latter, more specific rules were largely based on a 2003 report by the
the associated user. Password cracking tools can operate by brute force (i.e. trying every possible combination of characters) or by hashing every word from a list; large lists of possible passwords in many languages are widely available on the Internet. The existence of
avoid both the conflict and limitation of hash-based methods. An augmented system allows a client to prove knowledge of the password to a server, where the server knows only a (not exactly) hashed password, and where the un-hashed password is required to gain access.
but the large number of password-protected services that a typical individual accesses can make memorization of unique passwords for each service impractical. Using the terminology of the NIST Digital Identity Guidelines, the secret is held by a party called the
Studies of production computer systems have consistently shown that a large fraction of all user-chosen passwords are readily guessed automatically. For example, Columbia University found 22% of user passwords could be recovered with little effort. According to
online reports citing the most used passwords. These categories include user-related information, keyboard combinations and patterns, placement strategy, word processing, substitution, capitalization, append dates, and a combination of the previous categories.
tools allows attackers to easily recover poorly chosen passwords. In particular, attackers can quickly recover passwords that are short, dictionary words, simple variations on dictionary words, or that use easily guessable patterns. A modified version of the
broke the passwords of deceased employees to gain access to files needed for servicing client accounts. Technicians used brute-force attacks, and interviewers contacted families to gather personalized information that might reduce the search time for weaker
to more sophisticated physical threats such as video cameras and keyboard sniffers. Passwords should be chosen so that they are hard for an attacker to guess and hard for an attacker to discover using any of the available automatic attack schemes. See
Some systems require characters from various character classes in a password—for example, "must have at least one uppercase and at least one lowercase letter". However, all-lowercase passwords are more secure per keystroke than mixed capitalization
as well as security problems of passwords. It often accompanies arguments that the replacement of passwords by a more secure means of authentication is both necessary and imminent. This claim has been made by numerous people at least since 2004.
resulted in 117 million stolen passwords and emails. Millions of the passwords were later posted on a Russian forum. A hacker named "Peace" later offered additional passwords for sale. LinkedIn undertook a mandatory reset of all compromised
(North Atlantic Treaty Organization) experienced a security breach that led to the public release of first and last names, usernames, and passwords for more than 11,000 registered users of their e-bookshop. The data was leaked as part of
passwords are dead. They argue that "no other single technology matches their combination of cost, immediacy and convenience" and that "passwords are themselves the best fit for many of the scenarios in which they are currently used."
Some password reset questions ask for personal information that could be found on social media, such as mother's maiden name. As a result, some security experts recommend either making up one's own questions or giving false answers.
P. Tsokkis and E. Stavrou, "A password generator tool to increase users' awareness on bad password construction strategies", 2018 International Symposium on Networks, Computers and Communications (ISNCC), Rome, 2018, pp. 1-5,
some of which use password design vulnerabilities (as found in the Microsoft LANManager system) to increase efficiency. These programs are sometimes used by system administrators to detect weak passwords proposed by users.
the password database, the user is permitted access. The hash value is created by applying a cryptographic hash function to a string consisting of the submitted password and, in many implementations, another value known as a
one-time passwords are used as single-use passwords, but the dynamic characters to be entered are visible only when a user superimposes a unique printed visual key over a server-generated challenge image shown on the user's
call, or similar alert whenever a login attempt is made, possibly supplying a code that must be entered in addition to a password. More sophisticated factors include such things as hardware tokens and biometric security.
systems and simply keeping paper lists of less critical passwords. Such practices can reduce the number of passwords that must be memorized, such as the password manager's master password, to a more manageable number.
In 2013, Google released a list of the most common password types, all of which are considered insecure because they are too easy to guess (especially after researching an individual on social media), which includes:
on at least two computers: the sender's and the recipient's. If it passes through intermediate systems during its travels, it will probably be stored on there as well, at least for some time, and may be copied to
passwords would be crackable in 8 hours using a commercially available Password Recovery Toolkit capable of testing 200,000 passwords per second in 2006. He also reported that the single most common password was
Envaulting technology is a password-free way to secure data on removable storage devices such as USB flash drives. Instead of user passwords, access control is based on the user's access to a network resource.
of each class of infantry and cavalry, the maniple which is encamped at the lower end of the street, a man is chosen who is relieved from guard duty, and he attends every day at sunset at the tent of the
Having passwords that are only valid once makes many potential attacks ineffective. Most users find single-use passwords extremely inconvenient. They have, however, been widely implemented in personal
is the likelihood that a password cannot be guessed or discovered, and varies with the attack algorithm used. Cryptologists and computer scientists often refer to the strength or 'hardness' in terms of
Most browsers alert the user of a TLS/SSL-protected exchange with a server by displaying a closed lock icon, or some other sign, when TLS is in use. There are several other techniques in use; see
passwords, some users employ the same password for multiple accounts, a dangerous practice since a data breach in one account could compromise the rest. Less risky alternatives include the use of
Combining two or more unrelated words and altering some of the letters to special characters or numbers is another good method, but a single dictionary word is not. Having a personally designed
an off-line attacker (who gains access to the file) can guess at a rate limited only by the hardware on which the attack is running and the strength of the algorithm used to create the hash.
against the user by intentionally locking the user out of their own device; this denial of service may open other avenues for the attacker to manipulate the situation to their advantage via
Security in such situations depends on using passwords or passphrases of adequate complexity, making such an attack computationally infeasible for the attacker. Some systems, such as
promising, but are not widely used. Studies on this subject have been made to determine its usability in the real world. While some believe that graphical passwords would be harder to
Bonneau, Joseph; Herley, Cormac; Oorschot, Paul C. van; Stajano, Frank (2012). "The Quest to Replace Passwords: A Framework for Comparative Evaluation of Web Authentication Schemes".
easily. In some implementations the user is required to pick from a series of images in the correct sequence in order to gain access. Another graphical password solution creates a
in place of a password system as a temporarily unique method of identification; one metallic click given by the device in lieu of a password was to be met by two clicks in reply.
and by websites requiring email logins, as it makes it easier for an attacker to track a single user across multiple sites. Password reuse can be avoided or minimized by using
methods promise authentication based on unalterable personal characteristics, but currently (2008) have high error rates and require additional hardware to scan, for example,
operating system. The system was based on a simulated Hagelin rotor crypto machine, and first appeared in 6th Edition Unix in 1974. A later version of his algorithm, known as
which have large salts and an adjustable cost or number of iterations. A poorly designed hash function can make attacks feasible even if a strong password is chosen. See
as well as other hacking groups and individuals. The aim of AntiSec is to expose personal, sensitive, and restricted information to the world, using any means necessary.
(NIST), authored by Bill Burr. It originally proposed the practice of using numbers, obscure characters and capital letters and updating regularly. In a 2017 article in
(TANs). As most home users only perform a small number of transactions each week, the single-use issue has not led to intolerable customer dissatisfaction in this case.
staff, and what looks like private sector contractors." These leaked passwords wound up being hashed in SHA1, and were later decrypted and analyzed by the ADC team at
are frequently used cryptographic hash functions, but they are not recommended for password hashing unless they are used as part of a larger construction such as in
The stored data—sometimes called the "password verifier" or the "password hash"—is often stored in Modular Crypt Format or RFC 2307 hash format, sometimes in the
A salt prevents attackers from easily building a list of hash values for common passwords and prevents password cracking efforts from scaling across all users.
are similar in some ways to single-use passwords, but the value to be entered is displayed on a small (generally pocketable) item and changes every minute or so.
reported an incident where an attacker had found 186,126 encrypted passwords. At the time the attacker was discovered, 47,642 passwords had already been cracked.
Effective access control provisions may force extreme measures on criminals seeking to acquire a password or biometric token. Less extreme measures include
by Richard E. Smith: "we can summarize classical password selection rules as follows: The password must be impossible to remember and never written down."
Historically, many security experts asked people to memorize their passwords: "Never write down a password". More recently, many security experts such as
T Matsumoto. H Matsumotot; K Yamada & S Hoshino (2002). Van Renesse, Rudolf L. (ed.). "Impact of artificial 'Gummy' Fingers on Fingerprint Systems".
security) can also be subjected to high rate guessing. Lists of common passwords are widely available and can make password attacks very efficient. (See
including letters, digits, or other symbols. If the permissible characters are constrained to be numeric, the corresponding secret is sometimes called a
The security of a password-protected system depends on several factors. The overall system must be designed for sound security, with protection against
vulnerabilities, such systems can be effectively secure with relatively simple passwords if they have been well chosen and are not easily guessed.
national authentication frameworks that define requirements for user authentication to government services, including requirements for passwords.
It is common practice amongst computer users to reuse the same password on multiple sites. This presents a substantial security risk, because an
The user's identity is verified by asking questions and comparing the answers to ones previously stored (i.e., when the account was opened).
Passwords in military use evolved to include not just a password, but a password and a counterpassword; for example in the opening days of the
Not displaying the password on the display screen as it is being entered or obscuring it as it is typed by using asterisks (*) or bullets (•).
and leaked the same day. "The leak, dubbed 'Military Meltdown Monday,' includes 90,000 logins of military personnel—including personnel from
is secret data, typically a string of characters, usually used to confirm a user's identity. Traditionally, passwords were expected to be
needs to only compromise a single site in order to gain access to other sites the victim uses. This problem is exacerbated by also reusing
573:, a message containing a password is readable without effort during transport by any eavesdropper. Further, the message will be stored as 2886: 2160: 1810: 634:(i.e., password) is, and to do this, the server must be able to obtain the shared secret from its stored form. On many systems (including 1608: 3562: 2570: 2047: 3133: 2978: 3527: 2241: 1889: 817:
Some of the more stringent policy enforcement measures can pose a risk of alienating users, possibly decreasing security as a result.
The challenge and response were changed every three days. American paratroopers also famously used a device known as a "cricket" on
Requiring more than one authentication system, such as two-factor authentication (something a user has and something the user knows).
and if the new password is given to a compromised employee, little is gained. Some websites include the user-selected password in an
The private key may be stored on a cloud service provider, and activated by the use of a password or two-factor authentication.
In a dictionary attack, all words in one or more dictionaries are tested. Lists of common passwords are also typically tested.
operating systems, including early versions of Unix and Windows, limited passwords to an 8 character maximum, reducing security.)
Some specific password management issues that must be considered when thinking about, choosing, and handling, a password follow.
"Write your passwords down to improve safety — A counter-intuitive notion leaves you less vulnerable to remote attack, not more"
recommend that people use passwords that are too complicated to memorize, write them down on paper, and keep them in a wallet.
Passwords have been used since ancient times. Sentries would challenge those wishing to enter an area to supply a password or
The necessary keys are usually too large to memorize (but see proposal Passmaze) and must be stored on a local computer,
If a cryptographic hash function is well designed, it is computationally infeasible to reverse the function to recover a
There are several programs available for password attack (or even auditing and recovery by systems personnel) such as
remembering long, complex passwords for a few important accounts, such as bank accounts. Similar arguments were made by
Email is sometimes used to distribute passwords but this is generally an insecure method. Since most email is sent as
software can also store passwords relatively safely, in an encrypted file sealed with a single master password.
When the claimant successfully demonstrates knowledge of the password to the verifier through an established
The risk of interception of passwords sent over the Internet can be reduced by, among other approaches, using
systems are increasingly used to automate the issuance of replacements for lost passwords, a feature called
The way in which they secure the passing round of the watchword for the night is as follows: from the tenth
Introducing a delay between password submission attempts to slow down automated password guessing programs.
accessing applications, databases, networks, web sites, and even reading the morning newspaper online.
A passphrase is similar to a password in usage, but the former is generally longer for added security.
in not changing passwords as often as many "experts" advise, due to the same limitations in human memory.
revealing that even military personnel look for shortcuts and ways around the password requirements.
Common techniques used to improve the security of computer systems protected by a password include:
considerably longer before seeing the funeral procession for passwords arrive at the cemetery."
Requiring users to re-enter their password after a period of inactivity (a semi log-off policy).
Attempting to crack passwords by trying as many possibilities as time and money permit is a
The easier a password is for the owner to remember generally means it will be easier for an
Burr reported he regrets these proposals and made a mistake when he recommended them.
methods. If it is carried as packeted data over the Internet, anyone able to watch the
alternative, users should have the option to show or hide passwords as they type them.
sign-on is secure against attack. As yet, no satisfactory standard has been developed.
Password rotation is a policy that is commonly implemented with the goal of enhancing
containing the logon information can snoop with a very low probability of detection.
or mouse-movement based passwords. Graphical passwords are an alternative means of
Application Defense Center (ADC) did an analysis on the strength of the passwords.
In September 2001, after the deaths of 658 of their 960 New York employees in the
Passwords have been used with computers since the earliest days of computing. The
Rather than transmitting a password, or transmitting the hash of the password,
developed a system of storing login passwords in a hashed form as part of the
the latter requires a client to prove to a server that they know what the
algorithm was used as the basis for the password hashing algorithm in early
—which was presented as a challenge, and answered with the correct response—
and would only allow a person or group to pass if they knew the password.
for log-in intended to be used in place of conventional password; they use
1198: 1109: 615: 599: 516: 217: 182: 3727: 3326: 2291: 329:
and the like. Physical security issues are also a concern, from deterring
In 2019, Microsoft stated that the practice is "ancient and obsolete".
Providing an alternative to keyboard entry (e.g., spoken passwords, or
confirmation e-mail message, with the obvious increased vulnerability.
have been salted and hashed is cracking both necessary and possible.
while the party verifying the identity of the claimant is called the
passwords very difficult or impossible to discover are considered
There is a conflict between stored hashed-passwords and hash-based
has passwords for many purposes: logging into accounts, retrieving
paratroopers of the U.S. 101st Airborne Division used a password—
Passwords that are used to generate cryptographic keys (e.g., for
) before the new password can even be installed in the password
describes the system for the distribution of watchwords in the
use question and answer cue/response pairs to verify identity.
A related method, rather more efficient in most cases, is a
to prevent access to transmitted passwords via network attacks
which proves knowledge of the password without exposing it.
systems) use more secure password hashing algorithms such as
The name of a pet, child, family member, or significant other
) than shorter passwords with a wide variety of characters.
for generating obscure passwords is another good method.
the verifier is able to infer the claimant's identity.
passwords into thinking the user did something good."
According to a 2017 rewrite of this NIST report, many
algorithm 25 times to reduce the risk of pre-computed
Rate at which an attacker can try guessed passwords
and passwords are commonly used by people during a
Text used for user authentication to prove identity
One system requires users to select a series of
to block the use of weak, easily guessed passwords
In December 2009, a major password breach of the
records are secure, to prevent theft or fraud.
"The password is dead" is a recurring idea in
Methods of verifying a password over a network
Some computer systems store user passwords as
Allowing passwords of adequate length. (Some
Moving a step further, augmented systems for
Alternatives to passwords for authentication
for a widely deployed and insecure example.
Factors in the security of a password system
) feature built into most current Internet
Something related to a favorite sports team
It has been argued by Redmond researchers
or history files on any of these systems.
The Memorability and Security of Passwords
(CTSS), an operating system introduced at
protection. The most widely used is the
Limits on the number of password guesses
Choosing a secure and memorable password
a consulting firm that does work for
Passwords easily discovered are termed
Transmission through encrypted channels
In general, a password is an arbitrary
On 5 June 2012, a security breach at
or portable memory device, such as a
Hash-based challenge–response methods
and various Identity 2.0 proposals.
Time-synchronized one-time passwords
Assigning randomly chosen passwords.
Simple transmission of the password
and invoked a modified form of the
Alternatives to passwords include
Non-text-based passwords, such as
A password field in a sign-in form
Procedures for changing passwords
a one-way derivation, such as a
Writing down passwords on paper
Anniversary dates and birthdays
had their servers hacked by
Password security architecture
Zero-knowledge password proofs
as a password, utilizing the
examining data from a 2006
Most organizations specify a
Number of users per password
or Unix-like systems (e.g.,
Alternatives to memorization
a movement that includes
Multi-factor authentication
Using encrypted tunnels or
where they are known as
financial services firm
most often in clear text.
Name of a favorite holiday
Access controls based on
(TLS, previously called
Form of stored passwords
subject to snooping by
(ATMs), etc. A typical
"The password is dead"
systems can perform a
for more information.
to protected computer
Many systems store a
sometimes called a
Single-use passwords
Cognitive passwords
The word "password"
Requiring minimum
Password longevity
usability, while
On 11 July 2011,
On 16 July 1998,
Password cracking
Password rotation
In modern times,
used a 12-bit
attack, 55% of
16 July 1998 3045: 3026: 3007: 2970: 2952: 2943:Naked Security 2929: 2901: 2876: 2850: 2817: 2805:SANS Institute 2791: 2763: 2745: 2719: 2700: 2698: 2697: 2676: 2657: 2638: 2625: 2613: 2594: 2561: 2528: 2509: 2490: 2478: 2458: 2439: 2409: 2373: 2347: 2328: 2309: 2253: 2234: 2211: 2192: 2169: 2150: 2131: 2122: 2104: 2076: 2056: 2034: 2011: 1984: 1971:978-1471019111 1970: 1950: 1925: 1918: 1898: 1879: 1853: 1816: 1790: 1765: 1756: 1734: 1721:Wired magazine 1706: 1687: 1667: 1648: 1626: 1615:on 17 May 2019 1600: 1591:|journal= 1540: 1514: 1487:(1): 217–244. 1466: 1464: 1461: 1459: 1458: 1453: 1448: 1443: 1441:Pre-shared key 1438: 1433: 1428: 1423: 1418: 1413: 1408: 1403: 1398: 1393: 1388: 1382: 1380: 1377: 1336:single sign-on 1311: 1308: 1307: 1306: 1300: 1294: 1280:'s ability to 1246:authentication 1238: 1235: 1231:Single sign-on 1228: 1214: 1203:security token 1191: 1184: 1178: 1171:online banking 1158: 1155: 1154: 1153: 1145: 1102: 1085:In June 2011, 1083: 1071: 1055: 1046: 1043: 1026:Bruce Schneier 968:Main article: 965: 962: 916: 915:Password rules 913: 904: 901: 892:Main article: 889: 886: 880: 877: 867:Bruce Schneier 862: 859: 822: 821:Password reuse 819: 815: 814: 811: 803: 796: 795: 794: 791: 784: 777: 773: 766: 762:and security. 
752: 749: 742: 734: 731: 725: 722: 717: 714: 682: 679: 643: 640: 623: 620: 595: 592: 554: 551: 549: 546: 430: 427: 413: 410: 406:key stretching 369: 366: 318: 315: 310:single sign-on 300: 297: 296: 295: 292: 289: 286: 283: 280: 241: 238: 126:Roman military 113: 110: 28: 9: 6: 4: 3: 2: 3932: 3921: 3918: 3916: 3913: 3911: 3908: 3907: 3905: 3895: 3892: 3889: 3886: 3883: 3880: 3878: 3875: 3873: 3870: 3868: 3865: 3863: 3860: 3858: 3855: 3854: 3842: 3836: 3832: 3828: 3824: 3817: 3802: 3798: 3794: 3790: 3786: 3782: 3775: 3759: 3755: 3749: 3733: 3729: 3723: 3707: 3703: 3697: 3681: 3677: 3673: 3667: 3651: 3647: 3643: 3636: 3620: 3616: 3610: 3594: 3590: 3586: 3580: 3564: 3560: 3556: 3549: 3533: 3529: 3523: 3508: 3504: 3497: 3490: 3486: 3485:US20110055585 3480: 3473: 3469: 3466: 3461: 3453: 3449: 3443: 3435: 3431: 3424: 3417: 3413: 3410: 3405: 3398: 3394: 3391: 3385: 3378: 3374: 3371: 3366: 3358: 3354: 3350: 3346: 3342: 3338: 3334: 3330: 3323: 3316: 3312: 3309: 3304: 3288: 3284: 3280: 3274: 3272: 3252: 3245: 3239: 3223: 3219: 3213: 3198:. 
18 May 2016 3197: 3193: 3187: 3179: 3175: 3169: 3161: 3157: 3151: 3135: 3131: 3127: 3121: 3110: 3103: 3097: 3089: 3085: 3081: 3074: 3072: 3055: 3049: 3042: 3038: 3035: 3030: 3023: 3019: 3016: 3011: 3002: 2996: 2980: 2974: 2967: 2963: 2956: 2948: 2944: 2940: 2933: 2925: 2921: 2916: 2908: 2906: 2897: 2893: 2888: 2880: 2872: 2868: 2864: 2857: 2855: 2835: 2828: 2821: 2806: 2802: 2795: 2780: 2779: 2774: 2767: 2761: 2757: 2754: 2749: 2734: 2733:Kiplinger.com 2730: 2723: 2716: 2712: 2709: 2704: 2695: 2694: 2692: 2688: 2685: 2680: 2672: 2668: 2661: 2654: 2650: 2647: 2642: 2635: 2629: 2622: 2617: 2610: 2606: 2603: 2598: 2582: 2578: 2577: 2572: 2565: 2549: 2545: 2544: 2539: 2532: 2525: 2521: 2518: 2513: 2507: 2503: 2499: 2494: 2487: 2482: 2475: 2471: 2468: 2462: 2455: 2451: 2448: 2443: 2427: 2423: 2419: 2413: 2397: 2393: 2392: 2387: 2380: 2378: 2361: 2357: 2351: 2344: 2340: 2337: 2332: 2325: 2321: 2318: 2313: 2305: 2301: 2297: 2293: 2289: 2284: 2279: 2275: 2271: 2267: 2260: 2258: 2250: 2246: 2243: 2238: 2231: 2227: 2224: 2218: 2216: 2208: 2204: 2201: 2196: 2189: 2185: 2182: 2176: 2174: 2166: 2162: 2159: 2154: 2146: 2142: 2135: 2126: 2114: 2108: 2091: 2087: 2083:Stuart Brown 2080: 2073: 2069: 2066: 2060: 2053: 2049: 2046: 2041: 2039: 2022: 2015: 1999: 1995: 1988: 1973: 1967: 1963: 1962: 1954: 1939: 1935: 1929: 1921: 1915: 1911: 1910: 1902: 1895: 1891: 1888: 1883: 1875: 1871: 1864: 1862: 1860: 1858: 1848: 1842: 1826: 1820: 1812: 1808: 1804: 1800: 1799:Vance, Ashlee 1794: 1785: 1780: 1776: 1769: 1760: 1745: 1738: 1723: 1722: 1717: 1710: 1694: 1690: 1684: 1680: 1679: 1671: 1664: 1660: 1657: 1652: 1636: 1630: 1614: 1610: 1604: 1596: 1583: 1567: 1562: 1558: 1554: 1547: 1545: 1528: 1521: 1519: 1510: 1506: 1502: 1498: 1494: 1490: 1486: 1482: 1478: 1471: 1467: 1457: 1454: 1452: 1449: 1447: 1444: 1442: 1439: 1437: 1434: 1432: 1429: 1427: 1424: 1422: 1419: 1417: 1414: 1412: 1409: 1407: 1404: 1402: 1399: 1397: 1394: 1392: 1389: 1387: 1384: 1383: 1376: 1373: 1367: 1363: 1361: 1360:FIDO 
Alliance 1357: 1353: 1349: 1345: 1341: 1337: 1333: 1329: 1324: 1321: 1317: 1304: 1301: 1298: 1295: 1292: 1287: 1283: 1279: 1275: 1271: 1267: 1263: 1259: 1255: 1251: 1247: 1243: 1239: 1236: 1232: 1229: 1226: 1222: 1218: 1215: 1212: 1208: 1204: 1200: 1196: 1192: 1188: 1185: 1182: 1179: 1176: 1172: 1168: 1165: 1164: 1163: 1150: 1146: 1143: 1139: 1135: 1131: 1127: 1123: 1119: 1115: 1111: 1107: 1103: 1100: 1096: 1092: 1088: 1084: 1081: 1076: 1072: 1068: 1064: 1060: 1056: 1053: 1049: 1048: 1042: 1040: 1035: 1031: 1027: 1021: 1019: 1015: 1011: 1007: 1003: 999: 994: 992: 987: 983: 981: 977: 971: 961: 957: 953: 950: 945: 943: 942: 937: 931: 928: 922: 912: 910: 900: 895: 885: 876: 874: 870: 868: 858: 856: 851: 846: 844: 841:, or using a 840: 836: 832: 828: 818: 812: 809: 804: 801: 797: 792: 790:identifiers). 789: 785: 782: 778: 774: 771: 767: 764: 763: 761: 757: 753: 750: 747: 743: 740: 739: 738: 730: 721: 713: 709: 707: 703: 699: 697: 693: 689: 678: 676: 672: 668: 664: 660: 655: 653: 649: 639: 637: 633: 632:shared secret 629: 619: 617: 613: 609: 605: 601: 600:cryptographic 591: 587: 585: 581: 576: 572: 567: 565: 561: 545: 543: 539: 535: 531: 527: 523: 518: 515:systems. The 514: 510: 505: 500: 495: 492: 491:rainbow table 486: 484: 480: 475: 473: 469: 465: 461: 456: 455:Roger Needham 452: 451:hash function 448: 444: 438: 436: 426: 424: 420: 409: 407: 403: 399: 395: 391: 387: 382: 379: 374: 365: 362: 360: 356: 352: 347: 343: 341: 337: 332: 328: 324: 314: 311: 307: 293: 290: 287: 284: 281: 278: 277: 276: 272: 268: 266: 261: 259: 254: 252: 247: 237: 235: 231: 230:computer user 227: 223: 219: 218:mobile phones 215: 211: 208:process that 207: 203: 198: 196: 192: 188: 184: 180: 176: 175:Robert Morris 171: 167: 162: 160: 156: 152: 148: 142: 140: 135: 129: 127: 123: 119: 109: 107: 101: 99: 95: 91: 86: 84: 80: 76: 72: 68: 64: 55: 49: 42: 35: 27: 19: 3822: 3816: 3804:. Retrieved 3784: 3774: 3762:. Retrieved 3748: 3736:. Retrieved 3722: 3710:. Retrieved 3696: 3684:. 
Retrieved 3675: 3666: 3654:. Retrieved 3645: 3635: 3623:. Retrieved 3609: 3597:. Retrieved 3588: 3579: 3567:. Retrieved 3558: 3548: 3536:. Retrieved 3532:the original 3522: 3510:. Retrieved 3506: 3496: 3489:WO2010010430 3479: 3460: 3442: 3423: 3404: 3384: 3365: 3332: 3328: 3322: 3303: 3291:. Retrieved 3282: 3258:. Retrieved 3238: 3226:. Retrieved 3221: 3212: 3200:. Retrieved 3195: 3186: 3168: 3150: 3138:. Retrieved 3130:The Register 3129: 3120: 3096: 3083: 3058:. Retrieved 3048: 3029: 3010: 2983:. Retrieved 2973: 2955: 2947:the original 2942: 2932: 2919: 2891: 2879: 2866: 2841:. Retrieved 2820: 2808:. Retrieved 2804: 2794: 2782:. Retrieved 2778:Ars Technica 2776: 2766: 2748: 2736:. Retrieved 2732: 2722: 2703: 2679: 2660: 2641: 2628: 2616: 2597: 2585:. Retrieved 2576:The Register 2574: 2564: 2552:. Retrieved 2541: 2531: 2512: 2493: 2481: 2461: 2442: 2430:. Retrieved 2426:the original 2421: 2412: 2400:. Retrieved 2389: 2364:. Retrieved 2350: 2331: 2312: 2304:the original 2273: 2269: 2237: 2195: 2153: 2145:The Guardian 2144: 2134: 2125: 2107: 2094:. Retrieved 2090:the original 2079: 2059: 2025:. Retrieved 2014: 2002:. Retrieved 1987: 1975:. Retrieved 1960: 1953: 1941:. Retrieved 1937: 1928: 1908: 1901: 1882: 1873: 1829:. Retrieved 1819: 1806: 1793: 1774: 1768: 1759: 1747:. Retrieved 1737: 1725:. Retrieved 1719: 1709: 1697:. Retrieved 1677: 1670: 1651: 1639:. Retrieved 1635:"Passphrase" 1629: 1617:. Retrieved 1613:the original 1603: 1582:cite journal 1570:. Retrieved 1531:. 
Retrieved 1484: 1480: 1470: 1371: 1368: 1364: 1325: 1313: 1282:recall faces 1221:fingerprints 1160: 1132:facilities, 1126:Marine corps 1110:the Pentagon 1038: 1022: 1005: 1001: 997: 995: 984: 973: 958: 954: 946: 939: 932: 924: 906: 897: 882: 871: 864: 847: 824: 816: 758:to increase 754:Enforcing a 736: 727: 719: 710: 700: 684: 656: 645: 625: 616:cryptography 597: 588: 568: 556: 496: 487: 481:file or the 476: 439: 432: 415: 383: 375: 371: 363: 348: 344: 320: 302: 273: 269: 262: 257: 255: 243: 199: 163: 154: 150: 144: 131: 128:as follows: 117: 115: 102: 87: 78: 74: 66: 62: 60: 26: 3060:9 September 2611:15 May 2001 2402:12 November 1943:5 September 1278:human brain 1260:instead of 1211:floppy disk 1075:Rockyou.com 879:After death 696:unencrypted 688:wiretapping 560:wiretapping 483:/etc/shadow 479:/etc/passwd 3904:Categories 3202:11 October 2979:"Password" 2843:12 October 2810:31 October 2784:1 November 2422:IA Matters 2366:16 October 2023:. MacWorld 2004:16 October 1529:. NordPass 1463:References 1451:Shibboleth 1328:biometrics 1187:PassWindow 1128:, various 1070:passwords. 1010:L0phtCrack 1002:vulnerable 776:passwords. 443:polynomial 285:Birthplace 224:decoders, 202:user names 106:passphrase 94:characters 3801:1476-2986 3329:Proc SPIE 2738:17 August 2587:10 August 2554:10 August 2300:207656012 2278:CiteSeerX 2096:14 August 1874:Passwords 1779:CiteSeerX 1501:0929-6212 1344:Cardspace 1340:Microsoft 1320:usability 1217:Biometric 1152:accounts. 
1130:Air Force 1118:USCENTCOM 1114:Anonymous 1095:Anonymous 1067:Microsoft 1045:Incidents 1039:password1 831:usernames 788:biometric 779:Employ a 575:plaintext 571:plaintext 499:plaintext 435:plaintext 402:Wi-Fi WPA 351:extortion 265:algorithm 118:watchword 71:memorized 18:Passwords 3806:22 March 3758:Archived 3738:15 March 3732:Archived 3712:14 March 3706:Archived 3686:14 March 3680:Archived 3656:14 March 3650:Archived 3625:12 March 3619:Archived 3599:14 March 3593:Archived 3569:14 March 3563:Archived 3538:14 March 3468:Archived 3452:Archived 3434:Archived 3412:Archived 3393:Archived 3373:Archived 3357:16897825 3311:Archived 3293:14 March 3287:Archived 3260:11 March 3251:Archived 3178:Archived 3160:Archived 3134:Archived 3109:Archived 3088:Archived 3037:Archived 3018:Archived 2995:cite web 2924:Archived 2896:Archived 2871:Archived 2834:Archived 2756:Archived 2711:Archived 2687:Archived 2671:Archived 2649:Archived 2605:Archived 2581:Archived 2548:Archived 2543:PC World 2520:Archived 2502:Archived 2470:Archived 2450:Archived 2432:5 August 2396:Archived 2360:Archived 2339:Archived 2320:Archived 2245:Archived 2226:Archived 2203:Archived 2184:Archived 2161:Archived 2068:Archived 2048:Archived 2027:28 April 1998:Archived 1890:Archived 1841:cite web 1831:31 March 1811:Archived 1749:22 March 1727:22 March 1693:Archived 1659:Archived 1559:(NIST). 1533:28 April 1509:21912076 1396:Diceware 1379:See also 1254:graphics 1209:or even 1149:LinkedIn 1065:through 1030:phishing 949:websites 827:attacker 692:database 612:browsers 246:attacker 222:cable TV 183:crypt(3) 122:Polybius 79:verifier 75:claimant 67:passcode 63:password 3920:Secrecy 3764:20 June 3337:Bibcode 3335:: 275. 3228:18 July 3140:24 July 2920:Fortune 1977:10 July 1416:PassMap 1411:Keyfile 1262:letters 1258:colours 1190:screen. 1142:Imperva 1099:LulzSec 1080:Imperva 1034:MySpace 991:entropy 667:B-SPEKE 661:(e.g., 564:packets 542:LM hash 447:modulus 251:entropy 155:thunder 139:tribune 134:maniple 112:History 100:(PIN). 
3837:  3799:  3355:  3222:IT PRO 2985:20 May 2693:(pdf) 2391:Forbes 2298:  2280:  2118:  1968:  1916:  1781:  1699:20 May 1685:  1641:17 May 1619:17 May 1572:17 May 1507:  1499:  1358:, the 1350:, the 1346:, the 1297:2D Key 1266:digits 1250:images 1225:irises 1124:, the 1016:, and 1006:strong 855:Forbes 746:legacy 580:backup 538:scrypt 536:, and 534:bcrypt 530:PBKDF2 485:file. 472:PBKDF2 357:, and 234:e-mail 206:log in 90:string 3884:(PDF) 3559:Wired 3512:8 May 3507:ZDNet 3353:S2CID 3254:(PDF) 3247:(PDF) 3112:(PDF) 3105:(PDF) 2867:ZDNet 2837:(PDF) 2830:(PDF) 2296:S2CID 1938:PCMAG 1505:S2CID 1372:every 1356:NSTIC 1291:crack 1274:faces 1197:e.g. 1122:SOCOM 675:SRP-6 671:PAK-Z 584:cache 522:Linux 517:crypt 390:Wi-Fi 159:D-Day 151:flash 3835:ISBN 3808:2019 3797:ISSN 3766:2015 3740:2015 3714:2015 3688:2015 3658:2015 3627:2015 3601:2015 3589:CNET 3571:2015 3540:2015 3514:2019 3333:4677 3295:2015 3283:CNET 3262:2015 3230:2022 3204:2023 3142:2011 3062:2009 3001:link 2987:2012 2845:2012 2812:2022 2786:2022 2740:2024 2589:2014 2556:2014 2434:2016 2404:2014 2368:2013 2098:2007 2029:2021 2006:2013 1979:2015 1966:ISBN 1945:2021 1914:ISBN 1847:link 1833:2009 1751:2019 1729:2019 1701:2012 1683:ISBN 1643:2019 1621:2019 1595:help 1574:2019 1535:2021 1497:ISSN 1087:NATO 1052:CERT 1018:Cain 998:weak 636:Unix 513:Unix 468:SHA1 466:and 460:salt 400:and 338:and 187:salt 179:Unix 3827:doi 3789:doi 3345:doi 2962:doi 2288:doi 1561:doi 1489:doi 1342:'s 1334:or 1268:or 1256:or 1199:ssh 1000:or 663:AMP 608:SSL 526:BSD 509:DES 464:MD5 398:PGP 388:or 256:In 191:DES 170:MIT 92:of 3906:: 3833:. 3795:. 3783:. 3674:. 3648:. 3644:. 3587:. 3561:. 3557:. 3505:. 3487:, 3351:. 3343:. 3281:. 3270:^ 3220:. 3194:. 3128:. 3107:. 3086:. 3082:. 3070:^ 2997:}} 2993:{{ 2941:. 2922:. 2918:. 2904:^ 2894:. 2890:. 2869:. 2865:. 2853:^ 2832:. 2803:. 2775:. 2731:. 2669:. 2579:. 2573:. 2546:. 2540:. 2420:. 2394:. 2388:. 2376:^ 2294:. 2286:. 2274:22 2272:. 2268:. 2256:^ 2214:^ 2172:^ 2143:. 2037:^ 1936:. 1872:. 
1856:^ 1843:}} 1839:{{ 1809:. 1805:. 1777:. 1718:. 1691:. 1586:: 1584:}} 1580:{{ 1555:. 1543:^ 1517:^ 1503:. 1495:. 1485:90 1483:. 1479:. 1354:, 1338:, 1330:, 1264:, 1252:, 1223:, 1136:, 1120:, 1097:, 1012:, 993:. 845:. 837:, 673:, 669:, 665:, 618:. 582:, 532:, 474:. 453:. 445:, 425:. 408:. 361:. 353:, 325:, 308:, 220:, 216:, 197:. 61:A 3843:. 3829:: 3810:. 3791:: 3768:. 3742:. 3716:. 3690:. 3660:. 3629:. 3603:. 3573:. 3542:. 3516:. 3359:. 3347:: 3339:: 3297:. 3264:. 3232:. 3206:. 3144:. 3064:. 3003:) 2989:. 2968:. 2964:: 2847:. 2814:. 2788:. 2742:. 2591:. 2558:. 2436:. 2406:. 2370:. 2290:: 2209:. 2147:. 2100:. 2031:. 2008:. 1981:. 1947:. 1922:. 1849:) 1835:. 1787:. 1753:. 1731:. 1703:. 1645:. 1623:. 1597:) 1593:( 1576:. 1563:: 1537:. 1511:. 1491:: 810:. 772:. 50:. 43:. 36:. 20:)


Text is available under the Creative Commons Attribution-ShareAlike License. Additional terms may apply.
