Password

1. A code used to gain access (login) to a locked system. Good passwords contain letters and non-letters and are not simple combinations such as virtue7. A good password might be: 5%df(29). But don't use that one!
From Matisse

2. A security tool used to identify authorized users of a program or network and to define their privileges, such as read-only, reading and writing, or file copying.
From QUECID

3. A personal identifier used to validate a user's authorization to log into a Linux system.
From Linux Guide @FirstLinux

4. A type of authentication: a password is a secret word that a user must know in order to gain access. A passphrase is a correspondingly larger secret consisting of multiple words.

History: Passwords have been used since Roman times. The Romans fielded some of the first armies large enough that soldiers did not all recognize each other by sight, so to gain entry into the camp a soldier had to know the secret password.

Key point: The most important defensive mechanism a corporation can adopt is to create and enforce policies about proper password usage. Such a policy should cover:

  length: e.g. a minimum of 6 characters. (That figure dates from when this entry was written; current guidance such as NIST SP 800-63B sets 8 as the floor for user-chosen passwords and favours longer.)

  composition: e.g. upper and lower case, numbers, and punctuation. Note that one of the big support headaches is users who leave the caps-lock key on, which causes passwords to be mistyped.

  lifetime: e.g. when passwords expire. A good choice would be every 6 months. Password expiration is an overrated security technique; its biggest benefit is that a compromised password eventually ages out on its own.

  source: whether users select their own password or are given one by management. There are automated programs that generate easy-to-remember passwords.

  ownership: a policy should declare that passwords are never to be shared; many declare that a user automatically loses privileges for sharing their password with anybody else.

  distribution: how does the user get his/her password? If the system administrator chooses the password, how is it communicated to the user securely? If the user chooses a password the first time they log on, how do you prevent other people from reaching the account before the legitimate user does? Often an initial password is distributed and the user is then forced to change it.

  storage: most passwords these days are stored as one-way hashes (loosely called "encrypted") rather than in the clear, so that even the administrators cannot read the password itself. A stored hash can still be attacked by guessing candidates and hashing each one, which is how the crack programs below work.

  authentication period: when should the terminal automatically log the user out? Should there be a fixed time, or an inactivity timer? E.g. banking terminals automatically log the user out within a few minutes; PCs have password-protected screen savers that can be configured.

Key point: A leading cause of compromise is programs that leave behind default passwords. Another leading cause is users who choose weak passwords that can easily be guessed or cracked.

Tools: Crack programs can be used to maintain a strong policy (or to break into systems).

Tools: On Windows NT, the "passflt.dll" and "passprop.exe" tools can be used to enforce strong passwords.

Misunderstanding: People used to believe that a good password was a random mix of UPPER and lower case, numbers, and punctuation. However, this generates passwords that are impossible for users to remember, so they find ways around the restriction, such as writing passwords down on Post-It notes. Somebody can then compromise the network simply by looking for Post-It notes (such as one pasted to the bottom of a keyboard).

Controversy: Many policies declare that a password must be changed frequently, and most operating systems come with tools for enforcing this. However, this leads to the same problem as above: it causes pain for users, so they behave in ways that reduce security. It also isn't clear that it dramatically increases security.

Contrast: Passwords aren't the only possible authentication scheme. Crypto-cards are often used to generate "one-time passwords" or to perform challenge-response authentication.

Tip: Use a Palm Pilot and an encryption program to store your many passwords. Make sure that you choose an encryption program that cannot be broken.

Notes: In June 2001, the British registrar CentralNic commissioned a poll to discover what kinds of passwords people choose. They found that people could be classified as follows:

  family (50%): chooses names, such as their own, their partner's (wife, husband, other), children's, or pets'. They further noted that such people tended to be those who used the computer the least.

  fan (30%): chooses names of sports stars, cartoon characters, or pop stars. Since the study was in the United Kingdom, British soccer player David Beckham emerged as the most popular. Variations of Homer Simpson and Madonna were also popular.

  self-obsessed (11%): words like "sexy", "stud", "slapper", or "goddess". Note that the 1995 movie Hackers features a high-level executive who chose "god" as a password, which the hacker easily guessed.

  cryptics (9%): passwords with a mix of lower and upper case characters, numbers, and punctuation.

See also: grind, crack, password cache, 8-character password, PIN
From Hacking-Lexicon
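The "storage", "Tools" and "Misunderstanding" points of the Hacking-Lexicon entry above, as one added Python example that is not part of the glossary or of any of the quoted sources: a composition/length check in the spirit of the policy items, salted one-way hashing for the password store, and the word-plus-mangling dictionary loop a crack program runs against that store. The "three of four character classes" rule, the `algo$iterations$salt$digest` record format, the constructed wordlist (drawn from the choices the CentralNic poll reports) and the deliberately low PBKDF2 iteration count in the demo are assumptions of this example, not anything the entry specifies.

```python
import hashlib
import hmac
import os
import string
from typing import Iterable, Optional

MIN_LENGTH = 6      # the entry's example minimum; current guidance is 8 or more
MIN_CLASSES = 3     # assumption: require 3 of the 4 classes the entry lists

# Constructed wordlist: the kinds of choices the CentralNic poll reports.
WORDLIST = ["password", "virtue", "beckham", "homer", "madonna", "god", "sexy"]


def policy_violations(password: str, min_length: int = MIN_LENGTH,
                      min_classes: int = MIN_CLASSES) -> list[str]:
    """Return the length/composition rules a candidate breaks; [] means it passes."""
    problems = []
    if len(password) < min_length:
        problems.append(f"shorter than {min_length} characters")
    present = sum([
        any(c.isupper() for c in password),
        any(c.islower() for c in password),
        any(c.isdigit() for c in password),
        any(c in string.punctuation for c in password),
    ])
    if present < min_classes:
        problems.append(f"only {present} of 4 character classes (need {min_classes})")
    return problems


def hash_password(password: str, iterations: int = 600_000,
                  salt: Optional[bytes] = None) -> str:
    """Store a salted one-way hash, never the password (the entry's 'storage' item).

    Record format is an assumption of this example: algo$iterations$salt_hex$digest_hex.
    600_000 PBKDF2-HMAC-SHA256 rounds is a sane production default; the demo below passes
    a much smaller count so the cracking loop finishes in about a second.
    """
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${digest.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute the hash with the stored salt and compare in constant time."""
    algo, iterations, salt_hex, digest_hex = stored.split("$")
    if algo != "pbkdf2_sha256":
        raise ValueError(f"unsupported hash record: {algo}")
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(),
                                    bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(candidate, bytes.fromhex(digest_hex))


def mangle(word: str) -> Iterable[str]:
    """Cheapest rules a crack program tries: the word, capitalised, each with one trailing digit."""
    for base in (word, word.capitalize()):
        yield base
        for digit in "0123456789":
            yield base + digit


def crack(stored: str, wordlist: Iterable[str]) -> Optional[str]:
    """Dictionary attack on one stored record; returns the recovered password or None."""
    for word in wordlist:
        for guess in mangle(word):
            if verify_password(guess, stored):
                return guess
    return None


def audit(password: str, wordlist: Iterable[str] = WORDLIST,
          iterations: int = 10_000) -> dict:
    """Policy-check a candidate, store it hashed, then run the cracker against the record."""
    stored = hash_password(password, iterations=iterations)
    return {"policy": policy_violations(password), "cracked_as": crack(stored, wordlist)}


if __name__ == "__main__":
    # "Password1" satisfies the composition rule yet falls to word+digit mangling;
    # "virtue7" fails both; the entry's "5%df(29)" passes and survives the wordlist.
    for candidate in ("Password1", "virtue7", "5%df(29)"):
        print(candidate, audit(candidate))
```

Running `crack` over every record in a password file is exactly how the entry's crack programs "maintain a strong policy": a password that the composition check accepts but the dictionary loop recovers (here "Password1") is the case the "Misunderstanding" paragraph warns about, and the only thing standing between the attacker and the rest of the file is the per-guess cost set by the iteration count.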