Password Strength - Determining Password Strength

Determining Password Strength

There are two factors to consider in determining password strength: the average number of guesses the attacker must test to find the correct password, and the ease with which an attacker can check the validity of each guessed password. The first factor is determined by how long the password is, how large a set of characters or symbols it is drawn from, and whether the password is created randomly or by a more predictable process. Users of password-protected resources often have control of this factor. The second factor is determined by how the password is stored and used; it is set by the design of the password system and is beyond the control of the user.

The rate at which an attacker can submit guessed passwords to the system is a key factor in determining system security. Some systems impose a time-out of several seconds after a small number (e.g., three) of failed password entry attempts. In the absence of other vulnerabilities, such systems can be effectively secure with relatively simple passwords. However, the system must store information about the user passwords in some form, and if that information is stolen, say by breaching system security, the user passwords can be at risk.
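The two factors can be put side by side in a short calculation. The following is an added example, not part of the original article: it assumes uniformly random passwords, a 5-second time-out after every three failures (the article says only "several seconds"), and a constructed offline rate of 1e9 guesses per second to stand in for an attacker testing guesses against stolen password data.

```python
import math

def average_guesses(length, alphabet_size):
    """Expected guesses for a uniformly random password: half the keyspace."""
    return alphabet_size ** length / 2

def entropy_bits(length, alphabet_size):
    """Entropy of a uniformly random password, in bits."""
    return length * math.log2(alphabet_size)

def throttled_rate(attempts_per_window, timeout_seconds):
    """Guesses per second when a time-out follows each batch of failed attempts.
    Time spent submitting the guesses is ignored, which favours the attacker."""
    return attempts_per_window / timeout_seconds

def seconds_to_find(length, alphabet_size, guesses_per_second):
    """Average time to find the password at a given guess rate."""
    return average_guesses(length, alphabet_size) / guesses_per_second

def human(seconds):
    """Render a duration in the largest unit that fits."""
    for unit, size in (("years", 31_557_600), ("days", 86_400),
                       ("hours", 3_600), ("minutes", 60)):
        if seconds >= size:
            return f"{seconds / size:.1f} {unit}"
    return f"{seconds:.4f} seconds"

# Assumed rates (not from the article).
ONLINE_RATE = throttled_rate(3, 5.0)   # 3 tries, then a 5 s time-out
OFFLINE_RATE = 1e9                     # constructed figure for stolen password data

# Constructed sample passwords: (description, length, alphabet size).
SAMPLES = [
    ("6-digit PIN", 6, 10),
    ("8 lowercase letters", 8, 26),
    ("12 printable ASCII characters", 12, 95),
]

def compare(samples=SAMPLES):
    """Return (description, bits, online time, offline time) for each sample."""
    return [(name, round(entropy_bits(n, a), 1),
             human(seconds_to_find(n, a, ONLINE_RATE)),
             human(seconds_to_find(n, a, OFFLINE_RATE)))
            for name, n, a in samples]

if __name__ == "__main__":
    for name, bits, online, offline in compare():
        print(f"{name:32} {bits:5} bits  online: {online:>20}  offline: {offline}")
```

The 6-digit PIN holds for days against the throttled login yet falls in a fraction of a second at the offline rate, which is the gap the paragraph above describes.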
