Password
A password is a string of characters—typically including letters, numbers, and symbols—used to authenticate a user's identity or verify access authorization in computer systems and digital services.[1] As a form of "something you know" authenticator, it serves as a memorized secret that users provide to prove they are who they claim to be, often as part of single-factor or multi-factor authentication processes.[2] The concept of computer passwords originated in the early 1960s at the Massachusetts Institute of Technology (MIT), where computer scientist Fernando Corbató implemented them to secure individual user files on shared mainframe systems like the Compatible Time-Sharing System (CTSS).[3] This innovation addressed the need for privacy and resource allocation among multiple users accessing the same hardware, marking the beginning of password-based access control in computing.[4] Over decades, passwords evolved into a foundational element of cybersecurity, integral to everything from local logins to online banking and enterprise networks, though their design has faced ongoing scrutiny for balancing usability and security.[5] In modern usage, passwords encompass variations such as passphrases (sequences of words or text for easier memorization and greater length) and PINs (numeric-only codes, often shorter for specific devices).[2] They can be static (reusable across sessions) or dynamic, like one-time passwords (OTPs) generated for temporary use in protocols such as time-synchronized authentication.[6] However, passwords remain vulnerable to threats including brute-force guessing, dictionary attacks, phishing, and credential stuffing from data breaches, prompting standards bodies to refine protections.[7] For example, simple passwords like 'password123' are widely discouraged due to their minimal security against common attacks.[8] To mitigate these risks, authoritative guidelines from the National Institute of Standards and Technology (NIST) emphasize password length as the primary strength factor, recommending a minimum of 15 characters for single-factor authentication (8 characters when part of multi-factor authentication), with no upper limit beyond practical constraints, while discouraging forced periodic changes or rigid composition rules like mandatory uppercase letters or symbols.[9] Organizations must screen new passwords against blocklists of commonly used or compromised ones, store them using salted hashing algorithms (e.g., PBKDF2 or bcrypt), and promote unique passwords per account to prevent widespread compromise.[2] These practices, updated in NIST Special Publication 800-63B Revision 4 as of July 2025, reflect a shift toward usability without sacrificing security, alongside the rise of complementary methods like multi-factor authentication.[2]Fundamentals
Definition and Purpose
A password is a secret string of characters, typically consisting of letters, numbers, and symbols, used by a user to verify their identity and gain access to a protected resource, such as a computer system, website, or device.[10] This authentication mechanism serves as a fundamental barrier to ensure that only authorized individuals can interact with sensitive data or perform actions on behalf of their account.[11] The term "password" originates from the military practice of using a secret word or phrase to allow passage past a sentry, literally combining "pass" and "word" to denote something that enables entry.[12] In modern computing, this concept has evolved to digital contexts where passwords fulfill primary purposes including user authentication to confirm legitimacy, data protection by safeguarding personal and organizational information from unauthorized exposure, and access control to restrict entry to specific systems, networks, or applications.[13][14] At its core, password authentication operates through a basic verification process: a user enters their credentials, which the system compares against a securely stored representation without exposing the original password to intermediaries or attackers.[15] This comparison grants or denies access accordingly, maintaining confidentiality during the login attempt. For illustration, a simple password might be an easily guessable alphanumeric string like "letmein," while a more robust one incorporates uppercase and lowercase letters, numbers, and symbols, such as "P@ssw0rd2023!."[16][17]Types of Passwords
Passwords can be categorized based on their structure, generation method, and intended use, each offering distinct trade-offs in security, usability, and vulnerability profiles. Traditional text-based passwords form the foundation, while alternatives address limitations such as memorability and resistance to guessing attacks. These categories include static, dynamic, passphrase, graphical, and context-specific variants, as defined in authentication standards and research literature. Static passwords, also known as memorized secrets, consist of fixed alphanumeric strings that users enter repeatedly for authentication to online accounts, email services, or local systems. They are the most common type, relying on secrecy and complexity to prevent unauthorized access, but are susceptible to phishing and brute-force attacks if reused across multiple sites. According to NIST guidelines, static passwords must be at least eight characters long and protected against common dictionary words to enhance entropy.[18] Dynamic passwords, or one-time passwords (OTPs), are temporary codes generated for single-use authentication, mitigating risks associated with static credentials by expiring after a short period or one verification. They are often produced using hardware tokens, software applications like Google Authenticator, or SMS delivery, following standards such as the HMAC-based One-Time Password (HOTP) algorithm, which uses a shared secret and counter for synchronization, or the Time-based One-Time Password (TOTP) algorithm, which incorporates a time step for generation. These methods are integral to multi-factor authentication (MFA) setups, providing higher assurance than static passwords alone.[19][20] Passphrases extend the concept of static passwords by using longer sequences of words, phrases, or sentences, typically 14 characters or more, to improve memorability while increasing resistance to cracking due to greater length and entropy. Unlike short, complex passwords that users often forget or write down, passphrases leverage natural language patterns, such as "correct horse battery staple," to balance security and usability. NIST recommends passphrases over traditional passwords when longer inputs are permitted, as length provides superior protection against offline attacks compared to enforced complexity rules.[21][22][18] Graphical passwords replace or supplement text inputs with visual elements, allowing users to authenticate by selecting points, drawing patterns, or recognizing images on an interface, which can be more intuitive for touch-based devices. Common implementations include pattern locks on smartphones, where users trace a predefined shape on a grid, or click-based systems where specific image regions are chosen. Research surveys classify these into recall-based (e.g., Draw-A-Secret, requiring reproduction of a drawing) and recognition-based (e.g., selecting faces from a grid) schemes, noting their potential to reduce keylogging risks but vulnerability to shoulder-surfing. Early proposals, such as PassPoints, demonstrated usability advantages over text passwords in lab settings, though adoption of advanced graphical schemes remains limited, while simple pattern locks are widely used on smartphones.[23][24] Context-specific passwords adapt the core concept to particular applications, such as master passwords used in encryption tools and password managers to derive keys for protecting vaults of credentials, or PINs as numeric-only subsets limited to four to six digits for quick access like ATM withdrawals or device unlocks. Master passwords employ key derivation functions to encrypt data, ensuring that compromise of individual site passwords does not expose the entire store. PINs, while simpler and faster, are treated as low-entropy memorized secrets in security policies, often requiring additional factors for high-assurance scenarios.[25][26]Historical Development
Early Origins
In Greek and Roman military traditions, passwords evolved into structured watchwords (known as parolē in Greek and tessera in Latin) used for identifying allies during nighttime patrols, camp entries, and battles where uniforms were absent. These daily-changing terms, distributed via wooden tablets or messengers and marked by recipients to confirm receipt, drew symbolic power from deities or concepts to boost morale and invoke divine favor; examples include the Greeks' "Phoebus" in Euripides' Rhesus and "Artemis Agrotera" from Aeneas Tacticus, while Romans employed "Venus Victrix" at Pharsalus under Caesar and "FELICITAS" at Thapsus. Such practices, documented in historical accounts like those of Herodotus, Xenophon, and Polybius, underscored passwords' role in maintaining discipline and excluding infiltrators, with commanders selecting terms for their rhetorical or religious resonance.[27] Medieval military contexts adapted these verbal challenges for sentries during sieges and patrols, where knights and soldiers exchanged passwords to verify identities amid chaotic night operations or castle defenses. By the 19th century, passwords transitioned into written and coded forms for industrial authorization, as seen in U.S. telegraph systems like Wells Fargo's, which from the 1800s used cipher books to encrypt sensitive transactions—replacing terms like "gold coin" with innocuous words (e.g., "hornet") and scrambling messages via preset patterns updated frequently under lock and key—to securely authorize money transfers and report robberies without interception.[28] Early secret societies further formalized passphrases as written or ritualistic tools for member verification, drawing from medieval stonemason guilds that employed passwords, handshakes, and signs to exclude non-members from lucrative construction commissions on cathedrals and fortifications. This guild tradition, evolving into speculative Freemasonry by the 17th century, preserved such secrets across apprentice, fellowcraft, and master stages to maintain exclusivity and philosophical bonds.[29] Key events in the World Wars highlighted passwords' espionage and authentication roles; during World War I, Allied forces used code words in trench patrols and signals for secure identification amid infiltration risks, while in World War II, operations like D-Day (June 6, 1944) relied on challenge-response pairs such as "flash" (challenge) and "thunder" (reply) to confirm paratroopers and infantry as allies during chaotic landings.[30]Evolution in Computing and Digital Age
The introduction of passwords in computing began in the 1960s with the development of multi-user time-sharing systems. In 1961, Fernando Corbató and his team at MIT implemented the Compatible Time-Sharing System (CTSS), which pioneered the use of individual user accounts protected by personal passwords to manage access on a shared mainframe computer, addressing the need for privacy in collaborative environments.[31][32] This innovation allowed multiple users to interact with the system simultaneously without interfering with each other's files, marking the first widespread application of passwords in digital systems.[33] During the 1970s and 1980s, passwords became integral to operating systems and early networks as computing expanded. The UNIX operating system, developed in the early 1970s at Bell Labs, stored user credentials including hashed passwords in the /etc/passwd file, enabling secure multi-user access on minicomputers and workstations.[34] This file format persisted as a standard, though vulnerabilities like plain-text storage in early versions prompted later enhancements such as password shadowing in the mid-1980s.[35] Concurrently, the ARPANET, the precursor to the modern internet, incorporated passwords for network access starting in the early 1970s; for instance, in 1973, researcher Peter Kirstein implemented password protection on his gateway to the network, reflecting growing concerns over unauthorized remote connections.[36] By the 1980s, as ARPANET evolved into broader internet protocols, passwords were routinely used for email and file transfer services, laying the groundwork for distributed authentication.[37] The 1990s saw a surge in password usage with the commercialization of the web and internet services. HTTP Basic Authentication, introduced in 1993 by Ari Luotonen at CERN as part of HTTP 1.0, provided a simple mechanism for transmitting usernames and passwords over the web, facilitating early secure logins despite its base64 encoding limitations.[38] This era also marked the rise of consumer-facing applications requiring passwords, such as email services like Hotmail (launched 1996) and AOL, which demanded user credentials for account access amid the internet boom.[39] Online banking emerged similarly, with institutions like Wells Fargo offering web-based access in 1995, relying on passwords to protect financial transactions as e-commerce proliferated.[40] In the 2000s, advancements in encryption bolstered password security in web communications. The integration of SSL (Secure Sockets Layer), developed in 1994 but widely adopted in the 2000s via browsers like Netscape, and its successor TLS (Transport Layer Security), ensured passwords were transmitted encrypted during logins, mitigating eavesdropping risks on public networks.[41] This period also witnessed the emergence of password management tools to handle the growing number of credentials; LastPass, launched in 2008, popularized browser-based autofill and secure storage, helping users generate and retrieve complex passwords across sites.[42] The 2010s and 2020s brought a push toward alternatives to traditional passwords amid rising breach incidents, though passwords remained dominant in many applications. Major data exposures, such as the 2013 Yahoo breach affecting over 3 billion accounts—including hashed passwords—exposed weaknesses in storage practices like outdated MD5 hashing, prompting widespread adoption of stronger algorithms like bcrypt and influencing regulatory scrutiny on authentication hygiene.[43] This led to trends in passwordless authentication, including biometrics and FIDO2 standards, with projections indicating over 60% of large enterprises implementing such methods by 2026 to reduce phishing vulnerabilities.[44] Despite these shifts, passwords persist in legacy systems and mobile apps due to compatibility, even as hybrid approaches combine them with multi-factor elements.[45] Key milestones in standardization include the evolution of NIST Special Publication 800-63, first issued in draft form around 2004 and formally published in 2006 as "Electronic Authentication Guideline," which outlined levels of assurance for digital identities using passwords.[46] Subsequent revisions, such as SP 800-63B in 2017, deprecated composition rules (e.g., requiring mixed case) in favor of longer passphrases and blacklists of compromised passwords, while the 2024 update (Revision 4) further emphasized phishing-resistant authenticators and equity in access.[47] These guidelines have shaped federal and industry practices, promoting usability without sacrificing security.[48]Creating and Managing Secure Passwords
Principles of Password Strength
Password strength refers to a password's resistance to unauthorized access through guessing or computational cracking attacks, primarily quantified by its entropy, which measures the uncertainty or randomness in bits required to represent the password space. Higher entropy corresponds to a larger possible keyspace, making exhaustive search infeasible within practical timeframes. Entropy for a truly random password is calculated as H = \log_2(|C|^L), where L is the password length and |C| is the size of the character set, equivalent to L \times \log_2(|C|).[49] Length is the most critical factor in achieving sufficient entropy, as it exponentially expands the keyspace; guidelines recommend a minimum of 15 characters for single-factor authentication (8 characters when used in multi-factor authentication), with longer lengths preferred to mitigate brute-force risks effectively.[50] For instance, extending from 8 to 12 characters can increase entropy by 50% or more, depending on the character set, rendering attacks that probe billions of combinations per second impractical over human timescales.[50] While composition rules mandating specific character types are discouraged to avoid user frustration, incorporating diversity—such as uppercase letters, lowercase letters, numbers, and symbols—enlarges the effective |C| (e.g., up to 94 printable ASCII characters), thereby boosting entropy without relying on enforced policies.[50][49] To maximize strength, passwords must avoid predictable patterns that reduce effective entropy, including dictionary words, personal information like birthdays or names, and sequential or repetitive sequences such as "123456" or "password," which are vulnerable to targeted dictionary and rule-based attacks.[2] These elements drastically shrink the search space, as attackers exploit common human choices; for example, blacklisting the top 10,000 leaked passwords can prevent reuse of highly probable guesses.[2] One method to generate high-entropy passphrases while aiding memorability is Diceware, which selects words randomly from a list of 7,776 unique terms using dice rolls or equivalent random processes, yielding approximately 12.9 bits of entropy per word since \log_2(7776) \approx 12.9.[51] A passphrase of 4-6 such words provides 52-77 bits of entropy, suitable for most applications, with 6 words recommended for robust protection.[51] As a quantitative illustration, a 12-character random password drawn from 94 printable ASCII characters achieves about 78.6 bits of entropy ($12 \times \log_2(94) \approx 78.6), which resists brute-force attacks even at speeds of $10^9 guesses per second on high-end GPUs, requiring approximately 14 million years to exhaust on average.[49][52]Techniques for Memorability and Security
One effective approach to creating memorable yet secure passwords involves mnemonic devices, such as deriving acronyms from a personal sentence or phrase. For instance, the phrase "My Dog Ate The Homework 2023!" can be transformed into the password "MDATH2023!" by taking the first letter of each word and incorporating numbers or symbols. This technique leverages human memory for familiar narratives while increasing length and complexity, as demonstrated in empirical studies evaluating mnemonic password creation tips.[16][53] Passphrase strategies further enhance memorability by combining unrelated random words, often with substitutions or numbers for added security. A seminal example is the passphrase "correct horse battery staple," popularized in a 2011 xkcd comic, which illustrates how four common words can yield high entropy—approximately 44 bits—due to their length, making it far more resistant to brute-force attacks than shorter complex passwords. The National Institute of Standards and Technology (NIST) endorses such passphrases in its guidelines, recommending lengths of at least 15 characters for single-factor use (8 for multi-factor, up to 64) without mandatory composition rules, as they are easier for users to recall without resorting to predictable patterns.[54][2] To avoid common vulnerabilities, users should employ substitutions like replacing "a" with "@" or "e" with "3," but steer clear of overused patterns such as sequential numbers or keyboard walks (e.g., "qwerty"). NIST research highlights that enforced complexity often leads to predictable substitutions, reducing effective security, whereas simple yet varied alterations in passphrases maintain both recall and strength.[2] User studies support these methods, with NIST's 2017 guidelines drawing on evidence that user-friendly approaches to strong password creation—such as passphrases—significantly reduce reuse across accounts compared to rigid complexity requirements, which frustrate users and encourage weaker habits. For example, composition rules prompt predictable passwords like "Password1!", increasing guessability and reuse rates.[2][55] Password generators provide a practical tool for producing secure, memorable options like random word combinations, allowing customization for length and character inclusion without manual effort. These tools, often based on diceware or similar entropy-maximizing algorithms, help users avoid low-entropy choices while ensuring recall through phonetic or visual associations.[56] A common pitfall is over-reliance on browser-based password saving, which can lead to selecting weaker passwords under the false assumption of convenience, as users may reuse simple credentials across sites or neglect updates due to auto-fill ease. Security analyses indicate this practice heightens risks, as browser storage is vulnerable to malware extraction and encourages complacency in password strength.[57]Password Policies and Rules
Password policies and rules establish standardized guidelines enforced by organizations and systems to ensure passwords meet security criteria during creation, maintenance, and usage. These policies typically mandate a minimum password length of 15 characters for single-factor authentication (8 for multi-factor) to resist brute-force attacks, as shorter passwords can be cracked more quickly.[2] Many systems also require complexity, such as including at least one uppercase letter, one lowercase letter, one number, and one special character, to increase entropy and complicate guessing or dictionary-based attacks. Early standards in the 2000s, such as those in NIST Special Publication 800-53 (Revision 3, 2009), emphasized composition rules requiring passwords to incorporate multiple character types to enhance strength against automated cracking. The 2017 revision of NIST SP 800-63B marked a significant shift toward length over mandatory complexity, recommending a minimum of 8 characters (up to 64) as research showed that forcing diverse characters often led users to predictable patterns rather than truly random ones.[2] The 2025 Revision 4 further refined these guidelines, increasing the minimum length to 15 characters for single-factor use, eliminating remaining composition mandates, and explicitly supporting password managers and autofill for better usability.[2] This evolution prioritizes usability alongside security, allowing passphrases for better memorability while screening against known compromised passwords.[2] Enforcement mechanisms include rate-limiting on failed login attempts, such as no more than 100 consecutive failures before temporary lockout or disabling the authenticator, to thwart brute-force or credential-stuffing attacks while avoiding denial-of-service risks.[59][2] Policies may also require periodic password changes, though modern guidelines like NIST 800-63B advise against routine resets unless compromise is suspected, as they encourage weaker choices.[2] Systems often implement these through group policy objects in environments like Active Directory, automatically applying rules domain-wide.[60] While complexity rules aim to bolster resistance to offline attacks, studies indicate they can backfire by prompting users to create simpler, reusable passwords across accounts or write them down, ultimately reducing overall security. For instance, a 2010 analysis by Microsoft researchers of policies on 75 popular websites found that stringent composition requirements correlated with lower effective password strength due to user workarounds like minimal compliance (e.g., appending a digit to dictionary words). Similarly, Microsoft's 2016 password guidance, drawing on empirical data, recommends eliminating periodic changes and composition mandates in favor of longer, user-chosen secrets to minimize reuse and improve compliance.[61] In regulated industries, policies align with legal frameworks for data protection. The General Data Protection Regulation (GDPR) under Article 32 requires "appropriate technical and organisational measures" for security, often interpreted as enforcing minimum 8-12 character lengths, complexity mixes, and regular reviews to safeguard personal data, though it specifies no exact rules.[62] HIPAA's Security Rule (45 CFR § 164.312) mandates access controls including unique user identification and automatic logoff, commonly implemented via policies requiring at least 8-character passwords with optional complexity, drawing from NIST standards to protect electronic protected health information (ePHI).[63][64] Organizations often tailor policies using role-based access control (RBAC), applying stricter rules to high-privilege users; for example, administrators may face minimum 12-14 character lengths and enhanced complexity, while standard users adhere to baseline requirements, ensuring proportional security without overburdening all accounts.[65]Storage and Verification
Secure Storage Methods
Secure password storage relies on cryptographic techniques that transform passwords into irreversible representations, ensuring that even if an attacker accesses the storage system, the original passwords cannot be easily retrieved. The fundamental approach is to use one-way hash functions, which convert the password into a fixed-length digest or hash value, rather than storing plaintext passwords that could be directly exposed in case of a breach.[66] Algorithms such as SHA-256, a member of the SHA-2 family, or bcrypt, designed specifically for password hashing, produce these digests by applying a mathematical transformation that is computationally infeasible to reverse.[67] Bcrypt, introduced in 1999, incorporates the Blowfish cipher to create a slow, adaptive hash resistant to hardware acceleration attacks.[67] To enhance security against precomputed attacks, salting is employed by appending or prepending a unique random value, known as a salt, to each user's password before hashing. This salt, typically 16 bytes or longer and generated randomly per user, ensures that identical passwords produce different hashes, rendering precomputed lookup tables ineffective.[66] Rainbow table attacks, which rely on massive databases of pre-hashed common passwords, are thwarted because an attacker would need to generate a separate rainbow table for every possible salt, exponentially increasing the computational cost.[66] The basic salting process can be represented as:wherehash_result = hash_function(password || salt)hash_result = hash_function(password || salt)
|| denotes concatenation, and the salt is stored alongside the hash for verification.[66] Modern hashing algorithms like bcrypt and Argon2 automatically incorporate salting, generating and embedding the salt within the output string.[67]
Iterative or key derivation functions further strengthen storage by repeatedly applying the hash function multiple times, introducing a deliberate computational delay to deter brute-force and dictionary attacks. PBKDF2 (Password-Based Key Derivation Function 2), standardized in RFC 2898, uses a pseudorandom function like HMAC-SHA-256 iterated at least 600,000 times for new systems to balance security and performance.[68] Argon2, the winner of the 2015 Password Hashing Competition, adds memory-hardness by requiring significant RAM (e.g., 19 MiB minimum) alongside iterations (e.g., 2) and parallelism (e.g., 1), making parallelized attacks on GPUs or ASICs more expensive.[69] These work factors—such as 100,000 iterations for PBKDF2 in resource-constrained environments—should be tuned based on hardware capabilities and increased over time as computing power advances.[70]
In database implementations, password hashes should be stored in dedicated, encrypted fields separate from other user data to minimize exposure scope during breaches, using full-disk encryption or column-level protections where feasible.[66] This separation, combined with parameterized queries, helps mitigate vulnerabilities like SQL injection, where attackers might attempt to extract hashes directly from the database; proper storage ensures that even if injected, the data remains protected and unusable without extensive offline computation.[66] OWASP guidelines emphasize avoiding outdated algorithms like MD5 and SHA-1 due to their vulnerability to collision attacks, where different inputs produce the same hash, potentially allowing forged passwords, and their speed which facilitates brute-forcing.[66] Instead, systems should adopt adaptive, slow hashes like those recommended to future-proof against evolving threats.[70]
| Algorithm | Key Features | Recommended Parameters | Source |
|---|---|---|---|
| bcrypt | Adaptive cost factor, built-in salting | Work factor ≥10 | USENIX 1999 Paper |
| PBKDF2 | Iterative with HMAC, FIPS-compliant | ≥600,000 iterations (HMAC-SHA-256) | RFC 2898 |
| Argon2id | Memory-hard, side-channel resistant | 19 MiB memory, 2 iterations, 1 parallelism | PHC Winner |