Password Management



Bibliographic Information


Problems of password selection and password management are discussed. Using a simple yet powerful model, the author describes ways to select passwords and identifies two techniques of hindering the compromise of a system by guarding the information and algorithms used to validate user passwords. It is pointed out that obtaining access to a system, or to resources on the system, is the first step in attacking the system. Penetration by obtaining, or guessing, a password is a time-honored, and extremely effective, technique for gaining such access; thus, a firm understanding of passwords, their uses, and techniques for password management are essential to the security of any computer system.

Copyright Notice

©1991 by IEEE. The definitive version was published in Proceedings of Compcom Spring ’91: Digest of Papers, Feb. 1991.