Main Page | See live article | Alphabetical index


A password is a common means of access control. Typically this is for computer systems, which is the model we will discuss here.

The 'user' whose access is being controlled (all users in principle, though some users have special privileged access deliberately or accidentally on some systems) maybe a real human at a keyboard, or a process / program, on the local or some other computer system. The user is asked to supply some information (ie, the password) as a credential. If the password given matches that the system has stored for that user, the user is permitted access by the login facility (usually a part of the operating system) to the computer system. The access granted may be limited to certain directories and files, to only certain executables, only for certain times, only for a limited amount of resources (eg, computer CPU time, or disk storage space, ...). Success implies that the user is 'authentic' in that only he (or it) should have knowledge of the password.

Examples include logons to computer systems such as e-mail servers, or Illya Kuryakin proving his identity to the U.N.C.L.E security door with a code word, or a PIN (Personal Identification Number) at a bank cash machine.

Despite the name, there is no need (unless a particular system requires it) for passwords to be real words, indeed they are frequently harder to steal or guess (a very desirable trait) if they are not.

A passcode is sometimes taken to imply that the information used is purely numeric, such as the PIN commonly used for ATM access.

Note that password is often used to describe what would be more accurately called a pass phrase.

Passwords are sometimes shared by the members of a group who are thus all intended to have the same access to the computer system, but this is less sensible than individual passwords since the more people (or programs) which know a password the higher the chance that password will become known to others and since membership in such a group may not coincide with the existence of the group. Individual passwords allow Alice, who has left the group, to be removed from it, thus losing access which was ex officio her membership. This is a simple example of the often subtle problems with access controls, including passwords.

The security of a password protected system against illegitimate access depends on several factors but they all relate to keeping the password completely secret.

Despite encryption procedures providing increased security, no password system is totally immune to attack. There exist tools which can determine some plaintext passwords, given a copy of the file containing the encrypted ones. By comparing the encrypted outcome of every word (and many word variations) from some word collection (ie, a dictionary), a program can automatically attack many computer systems. These dictionary attack tools demonstrate by existence the relative strengths of different password choices against such attacks. This is an example of a brute force attack in which all possible (or in the case of a dictionary attack, a sizable subset of all), possible passwords are tried.

A weak password would be one that was short or which could be rapidly guessed by searching a subset such as words in the dictionary, proper names, words based on the user name or common variations on these themes. A strong password would be sufficiently long, random, or produceable only by the user who chose it, that 'guessing' for it will require 'too long'. How long that is will vary with the attacker, with attacker resources, and with how important the password being sought is to the attacker. 'Weak' and 'strong' have only a rather fuzzy meaning in this context, but are often misused in ways implying considerable precision.

It has been said that the ideal password should be "impossible to remember", and so unlikely to be guessable. Such passwords are surely stronger, which is to say harder for an attacker to discover; but they are more often written down and so easier to discover by looking under drawers or keyboards or behind pictures. Such passwords evoke violations of another bit of common, and wise, advice -- "never writte a password down anywhere". Requiring 'strong' passwords thus often causes the unintended consequence that many such passwords get written down, increasing the liklihood that they will be lost, snooped, copied, or otherwise compromised.

If even the smallest possibility exists that the password has become known to anyone other than those to whom it 'belongs', it should always be considered compromised, and immediately changed. Human users commonly resist such measures.

See also: social engineering, Password length parameter, Password length equation.