Overview #

A Password (or Passphrase, Passcode, Passkey, PIN) is a Token which is a credential that a claimant typically memorizes and uses for Authentication typically of a Digital Identity.

A password is considered a Knowledge Factor (Something You Know) as an Authentication Factors

A Password is a secret value that may be utilized to provide Authentication in Password Authentication.

Password are typically character strings, however some systems use a number of images that the subscriber memorizes and must identify when presented along with other similar images.

Despite the name, there is no need for passwords to be actual words. Password which are not actual words may be harder to guess, a desirable property.

The terms Passcode and Passkey are sometimes used when the secret information is purely numeric, such as the personal identification number PIN commonly used for ATM access. Some passwords are formed from multiple words and may be referred to as a Passphrase.

We will refer to any of these which are all generally Passwords of one form or another:

• Password
• Passcode
• PIN
• Passphrase
• Passkey
• Password Token

All are a secret value that may be utilized to provide Authentication in some Authentication Methods.

A Password is a secret value that may be utilized to provide proof of identity in some Authentication Method. In particular, a password is used in:

• Simple Authentication
• CRAM-MD5 SASL Mechanism
• DIGEST-MD5
• PLAIN SASL Mechanism SASL mechanisms.

The security that a password provides is based entirely on the fact that only the password's owner knows the password value. If someone else learns a user's password through some means, then that third party can impersonate that user and may be able to perform any operation available to that user.

Most LDAP Server Implementations provides a number of Password Policy features that can be used to help ensure that passwords are not discovered by third-party individuals (e.g., helping to ensure that users aren't allowed to use weak passwords, providing protection against brute-force attacks, requiring authentication attempts and password Changes from being performed in a secure manner, etc.), but nevertheless Passwords are often considered weaker forms of protection than other Authentication Methods like certificates.

Password Management#

One of the issues with using Passwords is Password Management.

More Information#

There might be more information for this subject on one of the following:

• AD Determining Password Expiration
• AD Password Filters
• API Service Delivery
• AS Exchange
• AS_REP
• Account Usability Request Control
• Active Directory Account Lockout
• Ambiguous Name Resolution
• Anonymous bind
• Apple ID
• Authentication Challenges
• Authentication Password Syntax
• Authenticator
• Authorization Header
• Bad-Pwd-Count
• Basic Authentication Scheme
• Best Practices Password
• Biometric Data Challenges
• Blinding Identity Taxonomy
• Bounded Context
• Bring Your Own Identity
• CRAM-MD5 SASL Mechanism
• CTAP2
• Challenge-response
• Client To Authenticator Protocol
• Closed-Loop Authentication
• Common Active Directory Bind Errors
• Common Edirectory Bind Errors
• Computer Fraud and Abuse Act
• Covert Redirect Vulnerability
• Craig
• Credential
• Credential Leakage
• Credential Management
• Credential Management API
• Credential Reset
• Credential Vault
• DIGEST-MD5
• DONT_EXPIRE_PASSWORD
• Delegation vs Impersonation
• DirXML Fan-Out System Intercept
• DirXML PWFILTER.DLL
• DirXML-NamedPasswords
• Draft-behera-ldap-password-policy
• EDirectory LDAP Transaction
• EDirectory Password Expiration
• EdirectoryPasswords
• Electronic Identity Credential
• Enable UserPassword in Microsoft Active Directory
• FIDO
• Fast IDentity Online
• Federated Identity
• FreeRADIUS Password Request
• Glossary Of LDAP And Directory Terminology
• Grace Logins
• Have I been pwned
• How passwords are used in Windows
• IAM Charter
• IDM Related Compliance Items
• IDM The Application Developers Dilemma
• IDM The User Dilemma
• IMA Policies
• Identify and Authenticate access to system components
• Identity Lifecycle Management
• Kerberos
• Kerberos Authentication Service
• Kerberos Pre-Authentication
• Key Derivation Function
• Key Generation
• LDAP Authentication
• LDAP Result Codes
• LDAP_INVALID_CREDENTIALS
• LM hash
• LOA 2
• LOA 3
• LeftMenu
• Local Security Authority Subsystem Service
• M-04-04 Level of Assurance (LOA)
• Memorized secrets
• Mimikatz
• MsDS-MinimumPasswordLength
• MsDS-PasswordComplexityEnabled
• MsDS-PasswordHistoryLength
• MsDS-PasswordReversibleEncryptionEnabled
• MsDS-UserPasswordExpiryTimeComputed
• Multi-Factor Authentication
• NCP Primary Authentication Protocol
• NDS Authentication
• NDS Login Methods
• NDSPassword
• NIST.SP.800-132
• NIST.SP.800-63B
• NMAS
• NMAS Result Codes
• NMAS_E_INVALID_SPM_REQUEST
• NMAS_E_LOGIN_FAILED
• NTLMv2
• Ndsconfig Parameters
• NetworkAddress
• NetworkCleartext
• Non-interactive
• Novell Secure Password Manager
• NspmConfigurationOptions
• NspmDoNotExpirePassword
• NspmPassword
• OAuth 2.0 Use Cases
• OAuth Parameters Registry
• One-Time password
• One-time password device tokens
• OpenID
• Oracle Passwords
• PAM module-arguments
• PASSWD_NOTREQD
• PBKDF2
• PDC Emulator FSMO Role
• PKCS12
• Pass-the-hash
• Pass-the-ticket
• Password
• Password Administrator
• Password Anti-Pattern
• Password Authentication
• Password Authentication Protocol
• Password Authentication is Broken
• Password Character Composition
• Password Complexity
• Password Considerations and Requirements
• Password Dictionary
• Password Expiration
• Password Flow From Active Directory to eDirectory
• Password Generator
• Password Grace Authentication
• Password History
• Password Life Time
• Password Management
• Password Modification Policy
• Password Modify Extended Operation
• Password Modify Operation
• Password Periodic Changes
• Password Policy
• Password Quality
• Password Recovery
• Password Reset
• Password Reuse
• Password Spraying
• Password Statistics
• Password Storage Scheme
• Password Strength
• Password Usage Policy
• Password Validator
• Password Validity Policy
• Password-authenticated Key Agreement
• Password-authenticated Key Exchange
• Password-based
• Password-hash
• PasswordInHistory
• Passwordless SMS Authentication
• Passwords Must Meet Complexity Requirements
• PasswordsUsed
• Personal Identification Number
• Personally Identifiable Information
• Phishing
• Primary Access Token
• Privileged User Management
• Pwd
• PwdAccountLockedTime
• PwdExpireWarning
• PwdInHistory
• PwdLockout
• PwdLockoutDuration
• PwdMaxLength
• PwdMustChange
• PwdProperties
• Replay attack
• Resource Access Control Facility
• Rich Credential
• SASL
• SCIM Password Management Extension
• SNMP
• SS7 hack
• Salt
• Samba
• SecretStore
• Secure Password Manager
• Service Account
• Session Management
• ShadowLastChange
• Shared Secret
• Simple Authentication
• Single Sign-On
• Social Login
• Something You Know
• Strength of Function for Authenticators
• Subscriber Identification Module
• System Authorization Facility
• TGS Session Key
• Ticket Granting Ticket
• TimeBeforeExpiration
• Token
• Transaction Authentication Number
• TrustAuthIncoming
• TrustAuthOutgoing
• U2F
• UnicodePwd
• Universal Authentication Framework
• Universal Password
• Universal Second Factor
• UniversalPasswordSecretBits
• Unvalidated redirects and forwards
• User-Account-Control Attribute Values
• Verizon Data Breach Investigations Report
• Web Blog_blogentry_090217_1
• Web Blog_blogentry_121118_1
• Web Blog_blogentry_161018_1
• Web Blog_blogentry_180317_1
• Web Blog_blogentry_241018_1
• Web Blog_blogentry_250816_1
• Well-known Security Identifiers
• What To Do About Passwords
• Why OpenID Connect
• Windows Credential Provider
• Windows Hello
• Windows Logon Types
• XDAS Account Management