6.1. Understanding Passwords

Passwords existed long before computers. Do you want to cross the bridge, enter the castle, or get into the secret back room? Knowing the password proves to the guard, gatekeeper, or bouncer that you have the right to do so, even though he may have no idea who you are. The password is the secret piece of information, shared only with the most trustworthy people, that gives them access to otherwise private or hidden places.

Electronic passwords also give you access — although usually to information and digital resources rather than physical places. Nearly always, a computer system requires two pieces of information to be presented together. Your username or email address (which generally isn't secret) tells the machine who you claim to be, whereas the password (which is secret) verifies that you are in fact that person. These two pieces of information together are referred to as your credentials. Supplying your credentials — filling in the blanks with your username and password to identify yourself to the computer — is known as authentication.

Because a password is meant to remain secret, one of the most commonly asked questions is what makes a password secure. The answer is at once more complex and simpler than you might imagine.

6.1.1. What makes a password secure?

You may have heard or read expert proclamations about what constitutes a secure password. For example, it must have a certain number of characters, or always include letters and numbers, ...
