Safekipedia

Password

Adapted from Wikipedia · Discoverer experience

A wifi sign in a cafe in Christchurch, New Zealand, showing where people can connect to the internet.

A password, sometimes called a passcode, is secret data, typically a string of characters, usually used to confirm a user's identity. It helps make sure that only the right person can access important information or services on computers and the internet. Traditionally, people were expected to remember their passwords, but with so many different services to use, it can be hard to remember a unique password for each one.

A password field in a sign-in form

In general, a password is made up of a sequence of characters including letters, digits, or other symbols. If the characters can only be numbers, the secret is sometimes called a personal identification number, or PIN for short.

A password does not need to be a real word from a dictionary. In fact, using something that is not a real word can make it harder for someone else to guess, which helps keep your information safer. Sometimes, people use a passphrase, which is a memorized secret made of a sequence of words or other text separated by spaces. A passphrase is similar to a password but is usually longer, which can add extra security.

History

Passwords have been used for a very long time. In ancient times, guards would ask people to say a secret word before letting them into a place. This idea was used in the Roman military to make sure only the right people could pass through.

During big wars, like the Battle of Normandy, soldiers used special words to recognize each other. For example, one group would say "flash" and the other would answer "thunder." These words were changed often to keep them safe.

Computers started using passwords a long time ago too. In 1961, a computer system called the Compatible Time-Sharing System was the first to ask for a password when someone wanted to use it. Today, we use passwords to log into many things, like computer systems, mobile phones, and even to read news online.

Choosing a secure and memorable password

It’s important to pick a password that is both easy for you to remember and hard for others to guess. If a password is too easy to remember, someone might guess it. But if it’s too hard to remember, you might write it down or have to keep changing it, which can also make things less safe.

One good way to make a strong password is to combine two or more words that are not related and change some letters to numbers or symbols. Avoid using just one common word, like the ones often found in lists of easy passwords. These easy passwords include names of pets, birthdays, or the word “password,” and they can be guessed by others.

Alternatives to memorization

It can be hard to remember many passwords because people use so many different services online. Some people use the same password for many accounts, but this can be risky if that password is discovered. Safer ways to help manage passwords include using special tools called password managers or systems that let you sign in with just one password for many services, known as single sign-on. Keeping written lists of less important passwords can also help. These methods can make it easier to remember just a few important passwords.

Factors in the security of a password system

See also: Password strength and Computer security

The safety of a system that uses passwords depends on several things. The whole system needs to be built safely, with ways to stop problems like computer viruses and other tricks people might use. It’s also important to keep passwords private, whether someone is looking over your shoulder or using cameras and other tools.

Today, many computers hide passwords when you type them to keep them secret. But some people think this might make users choose weaker passwords by accident. So, it’s good if users can choose to see their passwords while typing.

There are many ways to make passwords more secure. One way is to make it harder for someone to guess a password by only allowing a few tries before the account is temporarily locked. Another way is to store passwords safely, using special methods so that even if someone gets the stored data, it’s hard to figure out the real password. Some systems don’t store the password at all but keep a special code that’s made from the password.

When passwords are sent over the internet, it’s important to use safe methods to protect them from being seen by others. Some systems use special ways to prove you know the password without actually sending it.

Changing passwords is sometimes needed if someone thinks their password might have been discovered. Some systems let users reset their passwords by answering questions, but these questions should be hard to guess.

Having each user with their own password is better than sharing one password. This makes it easier to remove access for someone who leaves or graduates.

To make passwords stronger, some systems ask for longer passwords, mix different kinds of letters and numbers, or use more than one way to check who you are, like a password plus a code sent to your phone.

Sometimes people reuse the same password on many sites, which can be risky. Using a password manager or writing passwords down in a safe place can help keep them secure.

After someone passes away, it’s important to have a safe way to share their passwords with the people who need them.

Using more than one way to check who you are, like a password and a code, makes it harder for someone to pretend to be you.

Password rules

Many groups have rules about how to create a good password. These rules often say how long a password should be and what kinds of letters, numbers, or symbols it should include. Some of these rules come from a report made in 2003 by the National Institute of Standards and Technology.

Later, in 2017, experts said these rules might not always help keep information safe. They suggested using longer, easier-to-remember phrases instead of trying to make very complex passwords. This way, people can pick something they can remember without making it easy for others to guess.

Password cracking

People sometimes try to guess passwords by testing many possibilities, which is called a brute-force attack. Another way is a dictionary attack, where common words and lists of usual passwords are tried.

The strength of a password depends on how hard it is to guess. Weak passwords are easy to find, while strong ones are hard or impossible to discover. Some programs can help find weak passwords, and they are sometimes used by computer experts to check if users pick good passwords. Studies show that many people choose simple passwords that can be guessed easily. For example, one common password is just "password1". Over time, people have started choosing longer and better passwords.

Alternatives to passwords for authentication

People have tried many ways to make logging in safer than just using passwords, because passwords can sometimes be guessed or stolen. Some of these methods work only in special cases or are hard for everyone to use.

One idea is to use passwords that work only once. This can stop some types of attacks, but it can be inconvenient. Some banks use a special code that changes each time you use it. Another method shows a changing code on a small device you carry.

Some systems let you log in without a password by using a special device, like a phone or a key, to prove who you are. Other ideas include using parts of your body, like fingerprints, though these can sometimes be fooled.

There are also ways to log in using pictures instead of words, or by moving a mouse in a certain way. These can be fun but are not used very much yet. All these methods try to make it easier and safer to keep your information private online.

Obsolescence

A password for a wi-fi network in a cafe in 2022

Some people say that passwords are no longer the best way to keep things safe online. They think we should use other methods, like biometrics, two-factor authentication, or single sign-on. However, studies show that while these new methods can be safer, they are often harder to set up and use for everyone. This is why, even after many years of talking about it, we still use passwords today. The challenge is not the password system itself, but how people choose and remember their passwords, especially with so many different devices and networks around.

Related articles

String (computer science)
Mobile phone
Computer security
Computer virus
National Institute of Standards and Technology

This article is a child-friendly adaptation of the Wikipedia article on Password, available under CC BY-SA 4.0.

Images from Wikimedia Commons. Tap any image to view credits and license.