password, passcode, pass code

A password or its numerical form, sometimes called a passcode or PIN, is one of the simplest authentication methods. It is usually used with an identifier, as a shared secret between the person who wants access and the system that’s protected.

If it’s not encrypted, or if the encryption is easy to break, passwords and passcodes are vulnerable to eavesdropping and replay. And if it is encrypted, there are other attacks that are used. A brute force, or dictionary attack consists of an attack that just tries possibility after possibility until the right one is found. Utilities to help an attacker with this kind of attempt are easily found on the Internet. Short passwords, made of one simple word are the easiest to find with this kind of attack. So many administrators require pass phrases, complex combinations of word. Controls will also often require that numbers or special characters are used with the password or pass phrase, this makes it more random in nature and harder to guess.

In some environments, users must remember many complex passwords and pass phrases and end up writing them down near the computer. This becomes the vulnerability.

21 CFR Part 11 access control, access management AES Alerting, alerts Anti-phishing service Anti-Phishing Working Group (APWG)authentication authorization Basel II Baseline, baselining biometrics/biometric authentication California AB 1950 and SB 1386 call center call center assist Card Management Systems (CMS)CAS certificate authority, certification authority (CA)Certificate Revocation List (CRL)Chip and PIN COBIT control framework credentials, credential store CVV DAS digital certificate digital identity digital rights management (DRM)digital signature directory service E-Authentication Initiative EMV™endpoint authentication EPS EU Data Protection Directive factoring, prime numbers Federal Information Processing Standards (FIPS)federated identity FFIEC FFIEC Online Banking Authentication Guidance FIPS 140 FIPS 201 GINA Gramm-Leach-Bliley Act (GLBA)hardware authenticator hijacking HIPAA Homeland Security Presidential Directive – Number 12 (HSPD-12)Identity and Access Management (IAM)identity theft Intelligent Questioning IPSec ISO 17799 ISO27002 key logging key management Knowledge Based Authentication (KBA)layered authentication LDAP Liberty Alliance, Liberty ID-FF logical access, physical access man-in-the-middle attacks (MITM)MasterCard's Chip Authentication Protocol (CAP)Microsoft.NET, Passport MPEG-LA mutual authentication NIST OASIS Open Mobile Alliance (OMA)OTP (One-Time Password)OTPS password, passcode, pass code Payment Card Industry (PCI) Data Security Standard Personal Identity Verification card (PIV Card)pharming phishing PKCS PKI provisioning RADIUS RBAC (Role Based Access Control)RC2, RC4, RC5, etc.RFID risk-based authentication RSA algorithm S/MIME SAML Sarbanes-Oxley Act (SOX)seed record sequential questions Service Oriented Architecture (SOA)single sign-on (SSO)smart badging smart card smart chip spoofing SSL-VPN strong authentication symmetric key cryptography time synchronous authentication token Trojans two-factor authentication U.K. Identity Cards Bill USB token user life-cycle management verification Visa's Dynamic Passcode Authentication (DPA)VPN web access management web services WS-Security XML	password, passcode, pass code A password or its numerical form, sometimes called a passcode or PIN, is one of the simplest authentication methods. It is usually used with an identifier, as a shared secret between the person who wants access and the system that’s protected. If it’s not encrypted, or if the encryption is easy to break, passwords and passcodes are vulnerable to eavesdropping and replay. And if it is encrypted, there are other attacks that are used. A brute force, or dictionary attack consists of an attack that just tries possibility after possibility until the right one is found. Utilities to help an attacker with this kind of attempt are easily found on the Internet. Short passwords, made of one simple word are the easiest to find with this kind of attack. So many administrators require pass phrases, complex combinations of word. Controls will also often require that numbers or special characters are used with the password or pass phrase, this makes it more random in nature and harder to guess. In some environments, users must remember many complex passwords and pass phrases and end up writing them down near the computer. This becomes the vulnerability. Top of Page	Related Terms access control, access management authentication single sign-on (SSO) Related Links Secure Remote Access RSA SecurID
		Email to a friend Print