Determining Password Strength
There are two factors to consider in determining password strength: the average number of guesses the attacker must test to find the correct password, and the ease with which an attacker can check the validity of each guessed password. The first factor is determined by how long the password is, how large a set of characters or symbols it is drawn from, and whether the password is created randomly or by a more predictable process. Users of password-protected resources often have control of this factor. The second factor is determined by how the password is stored and used. This factor is determined by the design of the password system and is beyond the control of the user.
The rate at which an attacker can submit guessed passwords to the system is a key factor in determining system security. Some systems impose a time-out of several seconds after a small number (e.g., three) of failed password entry attempts. In the absence of other vulnerabilities, such systems can be effectively secure with relatively simple passwords. However, the system must store information about the user passwords in some form, and if that information is stolen, say by breaching system security, the user passwords can be at risk.
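The two factors above can be put side by side numerically. The following is an added example, not part of the original text: it computes the average number of guesses for a randomly created password and the time those guesses take at a throttled online rate versus an offline rate against stolen password data. The 5-second time-out, the 1e9 guesses per second offline rate and the sample passwords are assumptions chosen for illustration.

```python
import math

# Assumed rates (not from the page): a time-out of 5 s after 3 failed attempts for
# the online case, and 1e9 guesses/s against stolen password data for the offline case.
ONLINE_ATTEMPTS, ONLINE_TIMEOUT_S = 3, 5.0
OFFLINE_GUESSES_PER_S = 1e9
SECONDS_PER_YEAR = 365.25 * 86400

def keyspace(length, alphabet_size):
    """Count of equally likely passwords when every symbol is chosen uniformly at random."""
    return alphabet_size ** length

def entropy_bits(length, alphabet_size):
    return length * math.log2(alphabet_size)

def average_guesses(length, alphabet_size):
    """Expected guesses when candidates are tried once each, in any order.
    Upper bound only: a predictably chosen password falls far sooner."""
    return (keyspace(length, alphabet_size) + 1) / 2

def throttled_rate(attempts, timeout_s):
    """Guesses per second when each burst of `attempts` is followed by a time-out."""
    return attempts / timeout_s

def seconds_to_guess(length, alphabet_size, guesses_per_s):
    return average_guesses(length, alphabet_size) / guesses_per_s

def compare(samples):
    """Return (label, bits, online_years, offline_seconds) for each sample."""
    online = throttled_rate(ONLINE_ATTEMPTS, ONLINE_TIMEOUT_S)
    rows = []
    for label, length, alphabet in samples:
        rows.append((label,
                     entropy_bits(length, alphabet),
                     seconds_to_guess(length, alphabet, online) / SECONDS_PER_YEAR,
                     seconds_to_guess(length, alphabet, OFFLINE_GUESSES_PER_S)))
    return rows

# Constructed sample passwords: (label, length, alphabet size).
SAMPLES = [("4-digit PIN", 4, 10), ("6 lowercase letters", 6, 26),
           ("8 letters+digits", 8, 36), ("12 printable ASCII", 12, 94)]

if __name__ == "__main__":
    for label, bits, years, secs in compare(SAMPLES):
        print(f"{label:22} {bits:5.1f} bits  online ~{years:.3g} years  offline ~{secs:.3g} s")
```

Under these assumptions, six random lowercase letters hold out for years against throttled online guessing but fall in under a second once the stored password data can be attacked offline.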