Lead Image © berkay08, 123RF.com


Passwords, passphrases, and passkeys

Secret Symbols

Article from ADMIN 86/2025
By
Many rules for secure passwords pose major obstacles for unsuspecting users. We investigate how meaningful rigid guidelines are, restate how important passphrases and passkeys are becoming, and offer two recommendations for team-capable password management.

The classic password has a long history and the terms, along with the times, are a-changing. At the end of the day, everyone still uses passwords, but the term passphrase, for example, describes a different way of creating and remembering them. After all, every attempt to access something starts with a secret that has to be resolved and handed over. One part of the puzzle is the username, which identifies the owner. Under normal circumstances, the owner should be the only person who has the key to access. When generating a password, the user faces two challenges: the need to generate a secure password, and the need to remember it.

Unrealistic Rulesets

Bill Burr wrote the official password guide for the U.S. National Institute of Standards and Technology (NIST). According to the guide, a password should comprise at least eight characters and be complex. It should contain upper- and lowercase letters, numbers, and nonstandard characters (i.e., three to four different types of characters ideally), and it should be changed regularly. Ideally, a password history will prevent previously used passwords from being recycled, or at least enforce a long wait before reuse.

Unfortunately, many things in this ruleset have been misinterpreted and, above all, users have found unplanned or unintended detours and shortcuts. When it comes to the length of the password, for example, the emphasis is on "at least" eight characters. This has led many users to view these eight characters as the maximum, and in many cases, IT departments fail to communicate the requirements clearly. Of course, a password can and should have more than eight characters.

In practice, passwords created according to the above-mentioned rules (e.g., dU7%9IL&) that you are then forced to change every three months will quickly mutate to Summer25, because it is complex according to the rules. Three out of

...
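The ruleset described above, and the way Summer25 satisfies it, as an added Python example that is not part of the original article. The calendar word list, the rotation pattern, and all function names are assumptions made for illustration.

```python
import re
import string

# Composition rule as the article describes it: at least eight characters
# and three to four different character types.
MIN_LENGTH = 8
MIN_CLASSES = 3

# Assumption for this example: base words that tend to appear when a
# password has to be changed on a calendar schedule.
CALENDAR_WORDS = (
    "spring", "summer", "autumn", "fall", "winter",
    "january", "february", "march", "april", "may", "june", "july",
    "august", "september", "october", "november", "december",
)
# Calendar word, then a 2- or 4-digit year, then at most two trailing symbols.
ROTATION_RE = re.compile(
    r"^(?:%s)(?:\d{2}|\d{4})[^\w\s]{0,2}$" % "|".join(CALENDAR_WORDS),
    re.IGNORECASE,
)


def character_classes(password):
    """Count how many of the four character types the password uses."""
    checks = (
        any(c in string.ascii_lowercase for c in password),
        any(c in string.ascii_uppercase for c in password),
        any(c in string.digits for c in password),
        any(c in string.punctuation for c in password),
    )
    return sum(checks)


def meets_composition_rule(password):
    """True if the password satisfies the length and character-type rule."""
    return len(password) >= MIN_LENGTH and character_classes(password) >= MIN_CLASSES


def is_calendar_rotation(password):
    """True if the password is just a season or month plus a year."""
    return ROTATION_RE.match(password) is not None


def audit(password):
    """Return (passes_rule, predictable) for one candidate password."""
    return meets_composition_rule(password), is_calendar_rotation(password)


if __name__ == "__main__":
    # Constructed samples; the first two are the article's own examples.
    for candidate in ("dU7%9IL&", "Summer25", "Winter2025!", "summer25"):
        print(candidate, audit(candidate))
```
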