Good and Bad Passwords How-To
An In-Depth Analysis of Good, Bad,
Strong and Weak Passwords, Password Cracking Techniques and
How-To Reduce Password Vulnerabilities

Passwords are important because they are still the primary key to most
computer systems. At most sites, nothing else improves security as much
for so little effort as adopting good password procedures. A Jan. 21,
2002, Information Week article included a graph (near the page bottom)
summarizing a survey of 4500 security professionals in 2001. The survey
indicated that "Guessed Passwords" were the primary method of attack 22%
of the time. No competently selected password should ever be guessed or
even cracked.

Almost no one discusses security without at least touching on
passwords. Short lists of do's and don'ts are common but fail to
explain why a password is good or bad. Here, what makes a password
good or bad, strong or weak, is covered in great detail. The relative
nature of strong and weak passwords is discussed. Password cracking
technology is reviewed. The impact of ever faster computers on password
technology is discussed, as are steps to improve password security.

This discussion focuses on UNIX, including UNIX-like open source
systems such as Linux and OpenBSD, and also on Windows NT and 2000.
Much of what's said about UNIX will be applicable to any
contemporary operating system unless that system has issues
similar to NT, where backwards compatibility concerns have resulted
in an exceptionally weak method of storing passwords.

Copyright © 2000 - 2012 by George Shaffer. This material may be
distributed only subject to the terms and conditions set forth in
http://GeodSoft.com/terms.htm
(or http://GeodSoft.com/cgi-bin/terms.pl).
These terms are subject to change. Distribution is subject to
the current terms, or at the choice of the distributor, those
in an earlier, digitally signed electronic copy of
http://GeodSoft.com/terms.htm (or terms.pl) from the time of the distribution.
Distribution of substantively modified versions of GeodSoft content is
prohibited without the explicit written permission of George Shaffer.
Distribution of the work or derivatives of the work, in whole
or in part, for commercial purposes is prohibited unless prior
written permission is obtained from George Shaffer. Distribution in
accordance with these terms, for unrestricted and
uncompensated public access, non profit, or
internal company use is allowed.