Overview#
Password Quality is the degree of resistance of a password value to being obtained by an Unauthorized entity (i.e., an Attacker).
Password Quality deals with the Password Entropy.
Generally, "truly" random passwords are better than passwords produced by any other method. Also, the longer a password is, the better.
Password Quality must strike a balance between maximizing security and maximizing Usability. Generally, results indicate that, as might be expected, increases in Password Quality (i.e., entropy) often correlate with decreases in usability.[1]
Password Quality helps prevent an Unauthorized entity from obtaining a password by:
- Brute-Force: submitting various passwords to an Identity Provider (IDP) until the correct Password is discovered.
- Credential Leaked Database
- Heuristic Attacks
Components of Password Quality#
Typical components of Password Quality within the Password Modification Policy include:
- Password Minimum Length
- Password Maximum Length
- Password Character Composition
- Comparisons against Password Dictionary
- Comparisons against Credential Leaked Database
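As an added example (not code from this page or from any product it references), the following Python function applies each component listed above to a candidate password. The thresholds, the small dictionary, the leaked-password set and the substitution table are constructed assumptions; the dictionary comparison goes one step beyond a plain lookup by undoing common character substitutions first.

```python
import hashlib

# Constructed sample data (assumption): a real deployment would load a full
# Password Dictionary and a corpus of hashes from a Credential Leaked Database.
DICTIONARY = {"password", "letmein", "dragon", "welcome"}
LEAKED_SHA1 = {hashlib.sha1(p.encode()).hexdigest()
               for p in ("Summer2017!", "qwerty123")}

# Common character substitutions, mapped back to the letter they stand for.
LEET = str.maketrans({"@": "a", "4": "a", "$": "s", "5": "s", "0": "o",
                      "1": "l", "!": "i", "3": "e", "7": "t"})


def normalize(password):
    """Lower-case, undo common substitutions, then keep letters only."""
    folded = password.lower().translate(LEET)
    return "".join(c for c in folded if c.isalpha())


def check_password(password, min_len=8, max_len=128, min_classes=3):
    """Return a list of policy failures; an empty list means accepted."""
    failures = []
    if len(password) < min_len:          # Password Minimum Length
        failures.append("too_short")
    if len(password) > max_len:          # Password Maximum Length
        failures.append("too_long")
    # Password Character Composition: count the character classes present.
    classes = sum([any(c.islower() for c in password),
                   any(c.isupper() for c in password),
                   any(c.isdigit() for c in password),
                   any(not c.isalnum() for c in password)])
    if classes < min_classes:
        failures.append("composition")
    # Dictionary comparison runs on the normalized form, so a value such as
    # "p@$$w0rd" is compared as "password".
    core = normalize(password)
    if any(word in core for word in DICTIONARY):
        failures.append("dictionary")
    # Leaked-database comparison on the exact value (hash lookup).
    if hashlib.sha1(password.encode()).hexdigest() in LEAKED_SHA1:
        failures.append("leaked")
    return failures
```

A value can satisfy the length and composition rules and still be rejected by the dictionary or leaked-database comparison, which is why those checks are listed as separate components.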
Poor Practices for Password Quality [2]#
A common piece of password advice is to substitute characters, such as numbers or special characters, for letters. For example, password becomes p@$$w0rd. These are sometimes called "leetspeak" passwords, because "elite" hackers originally used such character substitutions. However, these are easily defeated by Password Spraying, which uses Heuristic Attacks.
More Information#
There might be more information for this subject on one of the following:
- Draft-behera-ldap-password-policy
- Implementing Universal Password
- MsDS-PasswordComplexityEnabled
- NspmComplexityRules
- Password Authentication is Broken
- Password Character Composition
- Password Complexity
- Password Considerations and Requirements
- Password Maximum Length
- Password Minimum Length
- Password Modification Policy
- Passwords Must Meet Complexity Requirements
- Personal Identification Number
- Web Authentication API
- Web Blog_blogentry_090217_1
- [#1] - Of Passwords and People: Measuring the Effect of Password-Composition Policies
- based on information obtained 2017-04-08
- [#2] - Secure Passwords Keep You Safer
- based on information obtained 2017-01-02