
Password

Note: This article was automatically generated by a large language model (LLM) from purely parametric knowledge (no retrieval). It may contain inaccuracies or hallucinations. This encyclopedia is part of a research project currently under review.

Name: Password
Type: Authentication
Developer: Various
Released: Antiquity–Modern
Latest: Ongoing
Platform: Cross-platform
License: None (concept)

A password is a secret string of characters used to control access to resources, authenticate identities, and protect information in digital and physical contexts. Passwords have been employed across institutions, from private households and corporate networks to national security agencies, and influence practices in cryptography, standards bodies, and law enforcement. The design, deployment, and governance of passwords intersect with technologies, organizations, incidents, and legislation that have shaped modern authentication.

Definition and Purpose

A password functions as a shared secret between an entity and an authenticator to verify identity for access to systems such as Unix, Microsoft Windows, Android, iOS, OpenSSH, and Remote Desktop Protocol. In cryptographic systems like Pretty Good Privacy and TLS, passwords may seed key derivation functions implemented by standards bodies such as the National Institute of Standards and Technology and the Internet Engineering Task Force. Institutions including Google, Facebook, Amazon and Microsoft rely on passwords alongside account recovery mechanisms overseen by compliance frameworks like the Payment Card Industry Data Security Standard and General Data Protection Regulation implementations. Passwords serve purposes in access control lists administered by Active Directory and in physical locks mediated by facilities run by entities such as Hilton Worldwide or the Federal Aviation Administration.

History

The practice of secret phrases dates to antiquity in military and diplomatic contexts, exemplified by oaths used by forces at the Battle of Thermopylae and watchwords in naval fleets. Modern use accelerated with telegraphy and cipher offices during conflicts like the Crimean War and World War I, influencing early computing work at Bletchley Park and laboratories such as Bell Labs. The advent of time-sharing systems at MIT and projects like ARPANET produced seminal password models in operating systems like Multics and TENEX. Corporate developments by Microsoft and Apple Inc. brought passwords into consumer computing, while major breaches involving Yahoo!, Equifax, and Target Corporation shaped risk awareness and regulation by bodies like the European Commission and national parliaments.

Types and Forms

Passwords appear as memorized passphrases, numeric PINs used in systems like EMV payment cards, one-time passwords issued by tokens from vendors such as RSA Security (SecurID), and graphical passwords implemented in projects at Carnegie Mellon University and the University of Cambridge. Biometric alternatives intersect with password workflows in devices from Samsung and Apple Inc., where Touch ID or Face ID may supplement secrets. Forms include salted hashed passwords stored in databases managed by Oracle Corporation and MySQL, encrypted with algorithms standardized by the National Institute of Standards and Technology and implemented via libraries like OpenSSL and Bcrypt.

Security and Vulnerabilities

Passwords are vulnerable to brute-force attacks automated with tools developed in research groups and companies, and are exploited in incidents involving threat actors, such as groups tied to operations attributed by agencies such as the Federal Bureau of Investigation and the National Security Agency. Common attacks include phishing campaigns propagated via platforms like Gmail, credential stuffing leveraging breached dumps from sites such as Adobe Systems, and rainbow table exploits targeting weak hash schemes like MD5, criticized by cryptographers at the RSA Conference. System failures tied to misconfiguration at providers including Equifax and Yahoo! demonstrate the risks of poor hashing, inadequate salting, and insecure transmission over protocols prior to Transport Layer Security adoption.
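The difference between unsalted MD5 and salted, iterated hashing described above can be shown in a short added example (not part of the original article). It assumes PBKDF2-HMAC-SHA256 as the key derivation function and an iteration count of 600,000; the account names and passwords are constructed sample data.

```python
from __future__ import annotations

import hashlib
import hmac
import os

PBKDF2_ITERATIONS = 600_000  # assumed work factor for this example


def md5_unsalted(password: str) -> str:
    """Weak scheme: the same password always yields the same digest."""
    return hashlib.md5(password.encode()).hexdigest()


def precomputed_hits(stored: dict[str, str], table: dict[str, str]) -> dict[str, str]:
    """Accounts whose stored digest appears in a digest -> password table."""
    return {user: table[d] for user, d in stored.items() if d in table}


def hash_password(password: str, salt: bytes | None = None) -> tuple[bytes, bytes]:
    """Derive a 32-byte key with PBKDF2-HMAC-SHA256 and a per-user random salt."""
    salt = os.urandom(16) if salt is None else salt
    key = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return salt, key


def verify_password(password: str, salt: bytes, expected: bytes) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    _, key = hash_password(password, salt)
    return hmac.compare_digest(key, expected)


if __name__ == "__main__":
    # Constructed sample accounts: two users who chose the same password.
    stored = {u: md5_unsalted("hunter2") for u in ("alice", "bob")}
    table = {md5_unsalted(w): w for w in ("123456", "hunter2")}
    print("unsalted MD5 recovered:", precomputed_hits(stored, table))
    salt_a, key_a = hash_password("hunter2")
    salt_b, key_b = hash_password("hunter2")
    print("salted records differ:", key_a != key_b)
    print("verify ok:", verify_password("hunter2", salt_a, key_a))
```

With a per-user salt, one precomputed table no longer covers every account, and the iteration count raises the cost of each individual guess.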

Management and Best Practices

Best practices advocated by standards bodies such as the National Institute of Standards and Technology and industry groups like the OpenID Foundation include using passphrases, unique credentials per account, rate limiting on authentication endpoints at services like Cloudflare, and multi-factor authentication policies deployed by organizations including Microsoft and Google. Password managers produced by companies such as LastPass, 1Password, and Dashlane help users maintain unique secrets, while enterprise identity providers like Okta and Ping Identity support single sign-on and provisioning workflows integrated with LDAP directories and SAML assertions. Incident response playbooks by entities like the SANS Institute and the CERT Coordination Center emphasize rotation, compromise notification, and forensic analysis.

Authentication Mechanisms and Alternatives

Alternatives and complements to passwords include multi-factor schemes combining knowledge factors with possession factors like Yubico tokens compliant with FIDO Alliance standards, biometric factors implemented by vendors such as Apple Inc. and Samsung, and federated identity through protocols like OAuth 2.0, OpenID Connect, and SAML used by providers including Google, Microsoft, and Facebook. Cryptographic approaches like public-key infrastructure deployments by Let's Encrypt and hardware security modules supplied by Thales Group reduce reliance on memorized secrets. Research initiatives at institutions such as MIT and Stanford University explore usable authentication and threshold cryptography to mitigate single points of failure.

Passwords implicate legal frameworks including data breach notification laws passed in U.S. states and under the European Union's General Data Protection Regulation, shaping obligations for controllers and processors such as Equifax and Facebook. Ethical debates engage scholars at Harvard University and Yale Law School over surveillance, coercive disclosure under statutes like the USA PATRIOT Act, and compelled decryption rulings in courts such as the Supreme Court of the United States. Social implications manifest in digital inclusion efforts championed by organizations like United Nations agencies and privacy advocacy groups including the Electronic Frontier Foundation, which influence public guidance from bodies like the National Cyber Security Centre (UK).
