1 Passwords: what are they for?
Millions of people use online services every day, and it is crucial that these systems prevent users from accessing each other’s information. To do this, they need a way of uniquely identifying each user that prevents users from impersonating each other. This is called identification and authentication.
Passwords and passcodes are the most common way of authenticating users. Examples of their use includes the PIN (Personal Identifier Number) you use with your credit and debit card as well as the many passwords you are expected to remember when logging in to computer-based services.
An ideal password must satisfy two conflicting aims. It should be:
- memorable enough that the user can recall it without writing it down
- long enough and unique enough that no one else can guess it.
As you’ve almost certainly found out, remembering passwords is hard and it can be even harder to think of one that is secure. For these reasons many services are thinking about replacing passwords – we will return to this later.
First, let’s think about how passwords are used and the different ways attackers try to learn our password.