A password is a word, phrase, or pattern that grants access to a system.
Passwords are based on the concept of keeping secrets, which can be a great security device. Under most circumstances, you’re in complete control of the information you keep in your head.
Everyone knows that keeping a secret is hard. Tell a single person and the secret is out. A secret can become public knowledge within a matter of hours if it’s juicy enough.
Two basic types of passwords exist: good and bad. Bad passwords are those that are easily guessed, those that can be compromised through research, or those too hard to remember. Good passwords are impossible for someone else to figure out. Good and bad password systems also exist. Bad systems encourage, or neglect to protect against, the use of bad passwords. Unfortunately, it’s not always easy to come up with good passwords, and only a few good password systems are available.
The majority of computer security systems use passwords that are some combination of letters and/or numbers. These passwords tend to fall into one of four categories:
- Numeric: These would be things like your ATM PIN, voicemail pass codes, or alarm system codes (12345 or 1052).
- Word/phrase: These consist of “open sesame” challenge-response systems used in spy movies (“The weather is warm for January, is it not?” “Yes, but the flight of the eagle in May is more majestic.”).
- Mnemonic alphanumeric: These passwords are a combination of letters and numbers meaningful to the user: “fine4you,” or “nice2n0u.” One technique is to use the first letter of each word from a memorized phrase or song lyric, such as “Mhallwfwwas” (think baaaahhhh).
- Random alphanumeric: Smash the keyboard a few times, or get a pet monkey to do it (*2aq!zm3L or s-gjq32#gm1). If the monkey’s poundings start to read like Hamlet, it’s broken and you need a new monkey.
The above information is the start of a chapter in "Network Security Illustrated," published by McGraw-Hill and available from amazon.com, as well as your local bookstore. The book goes into much greater depth on this topic.