Password Management



Bibliographic Information


Problems of password selection and password management are discussed. Using a simple yet powerful model, the author describes ways to select passwords and identifies two techniques of hindering the compromise of a system by guarding the information and algorithms used to validate user passwords. It is pointed out that obtaining access to a system, or to resources on the system, is the first step in attacking the system. Penetration by obtaining, or guessing, a password is a time-honored, and extremely effective, technique for gaining such access; thus, a firm understanding of passwords, their uses, and techniques for password management are essential to the security of any computer system.

Copyright Notice

©1991 IEEE. Personal use of this material is permitted. However, permission to reprint/republish this material for advertising or promotional purposes or for creating new collective works for resale or redistribution to servers or lists, or to reuse any copyrighted component of this work in other works must be obtained from the IEEE.
This material is presented to ensure timely dissemination of scholarly and technical work. Copyright and all rights therein are retained by authors or by other copyright holders. All persons copying this information are expected to adhere to the terms and constraints invoked by each author’s copyright. In most cases, these works may not be reposted without the explicit permission of the copyright holder.
The definitive version was published in Proceedings of Compcom Spring ’91: Digest of Papers, Feb. 1991.