Determining Password Strength
There are two factors to consider in determining password strength: the average number of guesses the attacker must test to find the correct password, and the ease with which an attacker can check the validity of each guessed password. The first factor is determined by how long the password is, how large a set of characters or symbols it is drawn from, and whether the password is created randomly or by a more predictable process. Users of password-protected resources often have control of this factor. The second factor is determined by how the password is stored and used. It depends on the design of the password system and is beyond the control of the user.
The rate at which an attacker can submit guessed passwords to the system is a key factor in determining system security. Some systems impose a time-out of several seconds after a small number (e.g., three) of failed password entry attempts. In the absence of other vulnerabilities, such systems can be effectively secure with relatively simple passwords. However, the system must store information about the user passwords in some form, and if that information is stolen, say by breaching system security, the user passwords can be at risk.
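The two factors above can be put side by side in a short calculation. This is an added example, not part of the original article: it takes a randomly chosen password of six lowercase letters, a time-out after every three failed attempts, and compares that with testing guesses against stolen password data. The 5-second time-out, the offline rate of 10^9 guesses per second and all function names are assumptions chosen for illustration.

```python
# Added example: the alphabet, time-out and offline rate are assumed values.

def average_guesses(alphabet_size: int, length: int) -> int:
    """Average guesses to hit a uniformly random password (half the keyspace).

    Passwords produced by a predictable process fall far sooner than this.
    """
    keyspace = alphabet_size ** length
    return (keyspace + 1) // 2


def throttled_seconds(guesses: int, attempts_per_lockout: int, timeout_s: int) -> int:
    """Time spent waiting out time-outs before guess number `guesses` is sent.

    Models the policy in the text: a time-out after each small batch of
    failed attempts. The time taken by the attempts themselves is ignored.
    """
    lockouts = (guesses - 1) // attempts_per_lockout
    return lockouts * timeout_s


def offline_seconds(guesses: int, guesses_per_second: float) -> float:
    """Time to test the same number of guesses against stolen password data."""
    return guesses / guesses_per_second


def compare(alphabet_size: int, length: int, attempts: int = 3,
            timeout_s: int = 5, offline_rate: float = 1e9) -> dict:
    """Same password, two attacker positions: login form vs. stolen store."""
    g = average_guesses(alphabet_size, length)
    return {
        "average_guesses": g,
        "online_seconds": throttled_seconds(g, attempts, timeout_s),
        "offline_seconds": offline_seconds(g, offline_rate),
    }


if __name__ == "__main__":
    YEAR = 365.25 * 86400
    result = compare(26, 6)  # six random lowercase letters
    print(f"average guesses : {result['average_guesses']:,}")
    print(f"online, throttled: {result['online_seconds'] / YEAR:.1f} years")
    print(f"offline, stolen  : {result['offline_seconds']:.3f} seconds")
```

Under these assumptions the same password takes years to guess through the throttled login and a fraction of a second once the stored password information is in the attacker's hands, which is why the storage design matters as much as the password itself.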