Passwords are almost universally used as the primary means of authenticating the identity of a person for computer systems or applications. They may come in different forms — such as alphanumeric text, PIN digits, passphrases or “select A from B” systems — but they all share the same characteristics.
A password is a string of symbols that the user memorizes and keeps secret. The string must be entered correctly to authenticate and allow access (subject to authorization, which is not discussed here). Failure to enter the password correctly means that the identity is not authenticated, but a single failure does not distinguish between error and attack. Instead, a sequence of failures is normally viewed as an indication of an attack, and the normal response is to temporarily disable the account, or perhaps to delay the response to each new attempt.
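The failure handling described above, sketched as an added example that is not taken from the paper: each consecutive failure lengthens the delay before the next attempt is accepted, and a run of failures temporarily disables the account. The class name, thresholds and timings are assumptions chosen for illustration.

```python
import time


class LoginThrottle:
    """Per-account failure tracking (hypothetical helper, not from the paper).

    A single failure cannot be classified as a typo or a guess, so every
    failure counts the same; only the length of the run changes the response.
    """

    def __init__(self, max_failures=5, lockout_seconds=900.0,
                 base_delay=1.0, max_delay=16.0, clock=time.monotonic):
        self.max_failures = max_failures        # run length that triggers lockout
        self.lockout_seconds = lockout_seconds  # temporary disable period
        self.base_delay = base_delay            # delay after the first failure
        self.max_delay = max_delay              # cap on the growing delay
        self.clock = clock                      # injectable for testing
        self._state = {}  # account -> (consecutive_failures, not_before)

    def wait_remaining(self, account):
        """Seconds until the next attempt for this account is accepted."""
        _, not_before = self._state.get(account, (0, 0.0))
        return max(0.0, not_before - self.clock())

    def attempt(self, account, password_ok):
        """Record one attempt; password_ok is the verifier's result.

        Returns "refused", "ok", "failed" or "locked".
        """
        # While a delay or lockout is running, the result is ignored, so even
        # a correct password is not accepted until the wait has passed.
        if self.wait_remaining(account) > 0:
            return "refused"
        if password_ok:
            self._state.pop(account, None)      # success resets the run
            return "ok"
        failures = self._state.get(account, (0, 0.0))[0] + 1
        now = self.clock()
        if failures >= self.max_failures:
            # Temporarily disable the account; the counter restarts afterwards.
            self._state[account] = (0, now + self.lockout_seconds)
            return "locked"
        # Delay doubles with each consecutive failure, up to max_delay.
        delay = min(self.base_delay * 2 ** (failures - 1), self.max_delay)
        self._state[account] = (failures, now + delay)
        return "failed"
```

Because the throttle counts a legitimate user's typos exactly as it counts guesses, the lockout period and threshold trade attack resistance against the risk of locking real users out.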
The paper below will show that passwords provide a sense of security that can be highly misleading. Security professionals agree that although authentication by password alone is used the vast majority of the time across the Internet and in enterprises, more robust authentication systems provide better protection.
This content is made possible by our sponsor. The editorial staff of Government Executive was not involved in its preparation.