Overview #

A Password (or Passphrase, Passcode, Passkey, PIN) is a Token which is a credential that a claimant typically memorizes and uses for Authentication typically of a Digital Identity.

A password is considered a Knowledge Factor (Something You Know) as an Authentication Factors

A Password is a secret value that may be utilized to provide Authentication in Password Authentication.

Password are typically character strings, however some systems use a number of images that the subscriber memorizes and must identify when presented along with other similar images.

Despite the name, there is no need for passwords to be actual words. Password which are not actual words may be harder to guess, a desirable property.

The terms Passcode and Passkey are sometimes used when the secret information is purely numeric, such as the personal identification number PIN commonly used for ATM access. Some passwords are formed from multiple words and may be referred to as a Passphrase.

We will refer to any of these which are all generally Passwords of one form or another:

All are a secret value that may be utilized to provide Authentication in some Authentication Methods.

A Password is a secret value that may be utilized to provide proof of identity in some Authentication Method. In particular, a password is used in:

The security that a password provides is based entirely on the fact that only the password's owner knows the password value. If someone else learns a user's password through some means, then that third party can impersonate that user and may be able to perform any operation available to that user.

Most LDAP Server Implementations provides a number of Password Policy features that can be used to help ensure that passwords are not discovered by third-party individuals (e.g., helping to ensure that users aren't allowed to use weak passwords, providing protection against brute-force attacks, requiring authentication attempts and password Changes from being performed in a secure manner, etc.), but nevertheless Passwords are often considered weaker forms of protection than other Authentication Methods like certificates.

Password Management#

One of the issues with using Passwords is Password Management.

More Information#

There might be more information for this subject on one of the following: