


A password is a string of characters (letters, numbers and/or special characters) that individuals use to authenticate themselves, that is, to prove they are who they say they are. Passwords are not used only to prove one's identity; they also serve as checkpoints that control access to resources. In the age of empires, passwords were used as secret words or phrases at entry points. If a messenger brought news of a war, of enemies, or other important information, a kingdom could be deceived if it accepted such information openly. The enemy nation could intercept and change the information, replace the messenger, or send a surrogate to relay a message that worked to the enemy's advantage.

Today, authentication has evolved beyond passwords as the way to prove you are who you say you are. It is improved continually, and there are now multiple ways to authenticate yourself: "What you know?", "What you have?" and "What you are?".

One or more of these authentication methods can be combined to make authentication of an individual more effective. That is, "What you know?" can be combined with "What you have?" to make a strong authentication process. Although there are many ways to combine authentication schemes, and many futuristic schemes exist, passwords are still considered the most used authentication method today. This is why we wanted to give importance to passwords and have a separate domain just to help people realize how important they are.

What you know?


A user name in combination with a password, passphrase, PIN, etc. is something that you and only you know. It's like a secret that you maintain to authenticate and gain access to a system, an online service (website, email, etc.), a device, and so on. Passphrases are generally easier to remember and hard to guess (by rainbow-table or brute-force attack). This is because a passphrase is a statement (or string) that is easier to remember than a complex password and is also longer than a password. Hence, people are moving towards passphrases.

What you have?


The Automated Teller Machine (ATM) is a really good example of this type of authentication. Here the user must have a bank-provided card (debit card) along with the PIN. So even though the PIN falls under the "What you know?" category, the card itself falls under "What you have?".

Smart cards, smart tags, smart chips, magnetic strips, etc., which provide your user name and user information (login, name, card number, expiration, etc.), come under the "What you have?" category of authentication.

What you are?


Biometric scans such as facial, hand, palm, iris, retina and fingerprint scans come under this category of authentication. Since a biometric scan authenticates an individual with a body part that they carry at all times, this is one of the easiest methods for users who have memory issues (trouble remembering a password). In general, this mode of authentication is used in combination with a smart card or user name to make it stronger.
