Password Authentication and Password Cracking

Wordfence has a very interesting article, Password Authentication and Password Cracking. They suggest you set aside an hour to read it.

If you don’t have a clue as to why you need a strong password and what makes up a strong password, then you might gain a lot from reading this article. It also might educate you on some obvious signs as to whether or not you are logging into a service that will protect your password after you create it. For instance, if the service ever sends your password to you by any means, then it is not serious about protecting your password. (I am not talking about temporary, one-time passwords. I am talking about a password that you invent and give to the service.) The wide variation in how services handle passwords is the main reason why you never want to use the same password for more than one service.

Introduction to Authentication

In this article we’re going to explore different authentication mechanisms. An authentication mechanism (or method) is a way for you to prove that you’re allowed to access something. Passwords have been the default method of authentication for as long as most of us have needed to prove to a computer that we’re allowed to access it. However, passwords are not the only authentication mechanism.

Since I have known about salted hashed passwords since at least 1983 when I first used Unix, it didn’t take me that long to read the article. If you have similar experience, you will find it fairly easy reading. I was pleased to learn about some details that I didn’t know before about how password cracking has evolved and how the protections against it have evolved, too. I have also worked with massively parallel computers, but I don’t think that was part of what allowed me to understand the article any faster than someone without that experience.
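To make concrete why a service that can send your password back is not protecting it, and what the salted hashed passwords mentioned above look like in storage, here is an added example that is not from the original post or the Wordfence article. PBKDF2-SHA256, the iteration count, the record layout and all function names are assumptions chosen for illustration; the password is a constructed sample.

```python
import hashlib
import hmac
import json
import os

ITERATIONS = 200_000  # illustrative work factor (assumption); tune for real hardware
SALT_BYTES = 16


def enroll_plaintext(password: str) -> dict:
    """Weak storage: the service keeps the password itself and can mail it back."""
    return {"password": password}


def enroll_hashed(password: str) -> dict:
    """Salted, slow hash: only the salt and digest are stored, never the password."""
    salt = os.urandom(SALT_BYTES)  # fresh random salt per account
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return {"alg": "pbkdf2-sha256", "iter": ITERATIONS,
            "salt": salt.hex(), "hash": digest.hex()}


def verify(record: dict, attempt: str) -> bool:
    """Recompute the digest from the login attempt and compare in constant time."""
    salt = bytes.fromhex(record["salt"])
    digest = hashlib.pbkdf2_hmac("sha256", attempt.encode("utf-8"), salt, record["iter"])
    return hmac.compare_digest(digest, bytes.fromhex(record["hash"]))


def leaks_password(record: dict, password: str) -> bool:
    """True if the stored record contains the password in readable form."""
    return password in json.dumps(record)


def demo() -> None:
    pw = "correct horse battery staple"  # constructed sample password
    weak, alice, bob = enroll_plaintext(pw), enroll_hashed(pw), enroll_hashed(pw)
    print("plaintext record readable:", leaks_password(weak, pw))
    print("hashed record readable:   ", leaks_password(alice, pw))
    # Same password, different salts: the stored digests do not match,
    # so one cracked entry does not reveal who else chose that password.
    print("same digest for two users:", alice["hash"] == bob["hash"])
    print("correct login accepted:   ", verify(alice, pw))
    print("wrong login accepted:     ", verify(alice, pw + "!"))


if __name__ == "__main__":
    demo()
```

A service built like `enroll_hashed` has nothing to mail back; all it can do is check an attempt or issue a reset.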
