Password

A password field in a sign in form

A password, sometimes called a passcode, is secret data, typically a string of characters, usually used to confirm a user's identity. Traditionally, passwords were expected to be memorized,[1] but the large number of password-protected services that a typical individual accesses can make memorization of unique passwords for each service impractical.[2] Using the terminology of the NIST Digital Identity Guidelines,[3] the secret is held by a party called the claimant while the party verifying the identity of the claimant is called the verifier. When the claimant successfully demonstrates knowledge of the password to the verifier through an established authentication protocol,[4] the verifier is able to infer the claimant's identity.

In general, a password is an arbitrary string of characters including letters, digits, or other symbols. If the permissible characters are constrained to be numeric, the corresponding secret is sometimes called a personal identification number (PIN).

Despite its name, a password does not need to be an actual word; indeed, a non-word (in the dictionary sense) may be harder to guess, which is a desirable property of passwords. A memorized secret consisting of a sequence of words or other text separated by spaces is sometimes called a passphrase. A passphrase is similar to a password in usage, but the former is generally longer for added security.[5]

  1. ^ Ranjan, Pratik; Om, Hari (6 May 2016). "An Efficient Remote User Password Authentication Scheme based on Rabin's Cryptosystem". Wireless Personal Communications. 90 (1): 217–244. doi:10.1007/s11277-016-3342-5. ISSN 0929-6212. S2CID 21912076.
  2. ^ Williams, Shannon (21 October 2020). "Average person has 100 passwords - study". NordPass. Retrieved 28 April 2021.
  3. ^ Grassi, Paul A.; Garcia, Michael E.; Fenton, James L. (June 2017). "NIST Special Publication 800-63-3: Digital Identity Guidelines". National Institute of Standards and Technology (NIST). doi:10.6028/NIST.SP.800-63-3. Retrieved 17 May 2019. {{cite journal}}: Cite journal requires |journal= (help)
  4. ^ "authentication protocol". Computer Security Resource Center (NIST). Archived from the original on 17 May 2019. Retrieved 17 May 2019.
  5. ^ "Passphrase". Computer Security Resource Center (NIST). Retrieved 17 May 2019.