A password is an unspaced sequence of characters used to determine that a computer user requesting access to a computer system is really that particular user. Typically, users of a multiuser or securely protected single-user system claim a unique name (called a user ID) that can be generally known. In order to verify that someone entering that user ID really is that person, a second identification, the password, known only to that person and to the system itself, is entered by the user. Most networks require that end users change their passwords on a periodic basis.
A password is typically somewhere between four and 16 characters, depending on how the computer system is set up. When a password is entered, the computer system is careful not to display the characters on the display screen, in case others might see them. Password entropy predicts how difficult a given password would be to crack through guessing, brute-force cracking, dictionary attacks or other common methods. Password hardening is any one of a variety of measures taken to make it more difficult for an intruder to circumvent the authentication process.
Good criteria when choosing a password or setting up password guidelines include the following:
- Don't pick a password that someone can easily guess if they know who you are (for example, not your Social Security number, birthday, or maiden name)
- Don't pick a word that can be found in the dictionary (since there are programs that can rapidly try every word in the dictionary!)
- Don't pick a word that is currently newsworthy
- Don't pick a password that is similar to your previous password
- Do pick a mixture of letters and at least one number
- Do pick a word that you can easily remember
A Microsoft article about security suggests that you use a memorable phrase instead of a word and convert that phrase to a password. For example, the phrase "My favorite movie is Star Wars" could be expressed as MiFAVm00vE1s*Warz.
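The checkable criteria from the list above (personal information, dictionary words, similarity to the previous password, letters plus at least one number) can be enforced in code, together with a rough entropy estimate. The following is an added example, not code from this page or from the Microsoft article; the function names, the small word list and the 0.6 similarity threshold are assumptions made for illustration.

```python
import math
import string
from difflib import SequenceMatcher

# Constructed stand-in word list; a real check would load a full dictionary file.
SAMPLE_DICTIONARY = {"password", "dragon", "monkey", "sunshine", "letmein"}

def charset_entropy_bits(pw):
    """Upper bound on entropy: length * log2(size of the character pools used).
    Only accurate for randomly chosen characters; human-chosen passwords score lower."""
    pools = (string.ascii_lowercase, string.ascii_uppercase,
             string.digits, string.punctuation)
    size = sum(len(p) for p in pools if any(c in p for c in pw))
    return len(pw) * math.log2(size) if size else 0.0

def check_password(pw, personal=(), previous=None,
                   dictionary=SAMPLE_DICTIONARY, max_similarity=0.6):
    """Return the list of guidelines the candidate violates (empty list = passes)."""
    problems = []
    lowered = pw.lower()
    # Guessable from knowing the user: birthday, maiden name, ID numbers, ...
    if any(item and item.lower() in lowered for item in personal):
        problems.append("contains personal information")
    # Dictionary word, also when digits or symbols are merely attached to it.
    letters_only = "".join(c for c in lowered if c.isalpha())
    if letters_only in dictionary:
        problems.append("is based on a dictionary word")
    # Similar to the previous password (threshold 0.6 is an assumed value).
    if previous is not None:
        ratio = SequenceMatcher(None, lowered, previous.lower()).ratio()
        if ratio > max_similarity:
            problems.append("too similar to previous password")
    # Mixture of letters and at least one number.
    if not (any(c.isalpha() for c in pw) and any(c.isdigit() for c in pw)):
        problems.append("needs letters and at least one number")
    return problems

if __name__ == "__main__":
    samples = [  # constructed sample inputs
        ("MiFAVm00vE1s*Warz", {}),
        ("dragon1", {}),
        ("Summer2024x", {"previous": "Summer2023x"}),
        ("jsmith1985!", {"personal": ["1985"]}),
    ]
    for pw, ctx in samples:
        print(f"{pw!r}: {charset_entropy_bits(pw):.1f} bits, "
              f"problems={check_password(pw, **ctx)}")
```

The similarity check is meant to run at change time, when the user supplies the old password; stored passwords should remain hashed.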