!!! Overview
[{$pagename}] is the degree resistance to a [password] value from being obtained by an [Unauthorized] [entity] (ie an [Attacker])
[{$pagename}] deals with the [Password] [Entropy]
Generally "Truly" random passwords are better than any other methods. Also the longer a password is the better.
[{$pagename}] must strike a balance between maximizing [security] and maximizing [Usability]. Generally results indicate that, as might be expected, increases in [{$pagename}] (ie [entropy]) often correlate with a decreases in [usability].[1]
[{$pagename}] helps prevent the condition of an [Unauthorized] [entity] Obtains a [password] by:
* [Brute-Force] of submitting various password to an [Identity Provider (IDP)] until the correct [Password] is discovered.
* [Credential Leaked Database]
* [Heuristic Attacks]
!! Components of [{$pagename}]
Typical components of [{$pagename}] within the [Password Modification Policy] include:
* [Password Minimum Length]
* [Password Maximum Length]
* [Password Character Composition]
* Comparisons against [Password Dictionary]
* Comparisons against [Credential Leaked Database]
!! Poor Practices for [{$pagename}] [2]
A common piece of password advice is to substitute characters, such as numbers or special characters, for letters. For example, password becomes p@$$w0rd. These are sometimes called "leetspeak" passwords, because "elite" hackers originally used such character substitutions using. However, these are easily defeated by [Password Spraying] which use [Heuristic Attacks]
!! More Information
There might be more information for this subject on one of the following:
[{ReferringPagesPlugin before='*' after='\n' }]
----
* [#1] - [Of Passwords and People: Measuring the Effect of Password-Composition Policies|http://www.guanotronic.com/~serge/papers/chi11b.pdf|target='_blank'] - based on information obtained 2017-04-08-
* [#2] - [Secure Passwords Keep You Safer|https://www.wired.com/2007/01/secure-passwords-keep-you-safer/|target='_blank'] - based on information obtained 2017-01-02