Passwords have been a mainstay of information system security ever since the early days of computer use, as a natural security measure that is both easy to understand and to implement. Any system that requires shared use conceivably requires a mechanism to delineate responsibilities, limit access to resources and compartmentalize data between users. The first-ever computer system employing password-based authentication is considered to be the MIT Compatible Time-Sharing System (CTSS), which began service in 1963 [ 1 ].

However, advances in computing power and the increasing complexity of modern information systems have caused users, developers, and IT vendors to re-evaluate password authentication and password-based security as a whole. As passwords are simple to implement a measure that provides a sufficient level of security, they became a standard way of authenticating users in computer systems with a high level of usability for both the users and the implementing party. While past computer systems often only required authentication locally, within the scope of a single machine, the advent of the Internet has necessitated the use of passwords to authenticate thousands, even millions of different users. *

However, with the wide availability of networked services come risks and dangers: unlike before, modern attackers need not always have physical access to a user’s machine or even infect it with computer viruses or other malicious programs. The recent shift to cloud-based services and data storage means attackers can gain access to sensitive data as long as they can gain access to a user’s account with a cloud service. Because passwords remain the first (and sometimes only) line of defense in modern authentication mechanisms, attackers can exploit weaknesses in IT systems and the human factor to gain illicit access to passwords and therefore sensitive data. 2

As with many IT systems, a password authentication system must strike a balance between usability and security. A system that is exceedingly simple to use is likely not to be very secure; conversely, an extremely secure system is likely not to be very user and implementer-friendly.

For example, the first password systems, like the CTSS, stored passwords in plaintext; this was also the vector of the first “attack”, which could be described in modern terms as a social engineering attack taking advantage of weak data security [ 1 ].

With the development of cryptography, it became possible to encrypt passwords and store them as ciphertext; that is, text that is unreadable to humans, but that could be deciphered or otherwise used by the computer. In 1974, Evans, Kantrowitz, and Weiss proposed a password authentication security measure in [ 2 ] that remains the de-facto standard approach: instead of storing the passwords plainly, they should be transformed using a one-way function, and the result of that transformation should be used for comparison purposes. Today, hash functions are used as one-way functions to this end – hash functions produce a fixed-length cryptographic digest of a message of arbitrary size. Some of the more well-known hash functions are MD5 (now considered outdated and insecure), the SHA family (SHA-1, SHA-2, etc.), crypt, and others.

While the main attack against hash-supported password authentication is the brute force attack, iterating over probable values, hash functions are still not perfect or immune from other forms of attack. One danger associated with hashing functions is the possibility of collisions, which are instances of two different input messages producing the same digest. Notably, MD5, once a widely-used hash function, was proven insecure and susceptible to collisions along with a set of other hash functions in [ 3 ]. Weaknesses in the SHA-1 algorithm were first discovered by Stevens et al., described in [ 4 ]; this was later expanded upon by the same authors in [ 5 ] and by other researchers. Collisions usually arise due to imperfections in the algorithm itself, and these attacks are generally remediated by switching to a different, more secure hashing algorithm, as was done for MD5 (to SHA-1) and is now being done for SHA-1 (to the SHA-2 and SHA-3 families of algorithms).

Another avenue of attack against hashed password authentication is the use of various dictionaries, tables, and other means of hash digest lookup. Such attacks trade-off storage space for computation time, storing pre-computed digests for commonly used passwords to drastically reduce the time required to find the necessary input data. Oechslin in [ 6 ] first proposed the concept of a so-called “rainbow table”, which uses special chains between source data and hash digests to optimize lookup times. Lookup attacks are rendered ineffective by the use of “salting”, a technique that uses an arbitrary value concatenated with the input data to produce a new hash digest, different from the one that would be generated from the raw input data alone. The salt must be stored with the hash digest for the system to be able to reproduce the results later; however, as the value is chosen is arbitrary, and different for each password, generating a lookup table would be equivalent to a brute force attack in terms of time and resource requirements. 3

The previous section shows that, provided certain simple recommendations are applied, the only feasible technical attack against hash-based password authentication is a brute force one. However, the human factor is often the leading cause of breaches and a prime vector of attack. The main avenues of human-targeted attacks are being deceived into revealing their passwords, being compelled by force, and relying on personal associations and knowledge to create passwords, as well as relying on external information storage to remember them.

The problem of password creation and memorization is especially relevant to the field of information security, as security guidelines that cannot be followed due to human psychology are largely pointless and unenforceable. Therefore, they must be formulated concerning the average user’s capabilities and limitations.

Uniformly random passwords are the hardest to guess, but also the hardest to remember, especially when there are many to remember. A 2007 study by Florencio and Herley [ 8 ] showed that the average user accessed 25 accounts. However, even though password policies dictate that the password for each service should be unique, the average user only had 6.5 unique passwords, indicating a relatively high degree of password reuse. It is therefore likely that the number of accounts for a user has grown in the years since, and likely faster than the number of unique passwords. 4

In a password security context, quantifying its efficiency means quantifying the quality of a user’s password. Various algorithms attempt to assess the quality of a password. Many are based on the concept of information entropy, which quantifies how “surprising”, or improbable, a random variable – here, the string of bytes – is on the whole.

According to the definition of Shannon information entropy, if pi is the probability of symbol number i appearing in the stream of symbols of length n > 0, the entropy for that message for an information unit of base b would be:

Assuming a perfectly random password is used – i.e. the password is a string of L uniformly random symbols selected from a symbol set of length N – and that bits are used as the information unit, (1) is simplified:

This corollary is equivalent to the Hartley function introduced by Ralph Hartley in 1928. It follows, therefore, that for a truly random password it is preferable to draw from as broad a set of symbols as possible from the start, adjusting the level of security by adjusting the length of the password. However, symbols should be different enough to avoid being present in a common subset, i.e. if the symbol set being used is “alphanumeric characters and punctuation marks”, care should be taken that the uniformly random resulting password does not consist e.g. solely of letters, as that effectively reduces the character set length from over 70 to just 52.

However, (1), and by an extension (2), are unsuitable for assessing entropy of many real-world passwords, as they are generated by people and thus contain patterns, based on language or otherwise. The authors propose Markov processes as a framework for calculating password quality because they are well-suited for quantifying how predictable a password is from the point of view of common patterns.

Let X = {X0, X1, ..., XT } - be a sequence of T random variables (T ≤ 0), V = {V1, V2, ..., VM} – the set of M states in a Markov process. In more familiar terms, X is the password itself, where each of the random variables is a single character, and V is the set of all possible characters in a password.

The conditional probability P(Xt = xt | Xt-1 = xt-1, ..., X1 = x1) describes a situation where the event at time t depends on all of the previous states of X. However, if it depends only on the immediately preceding state, i.e.

then it is a first-order Markov process. A zero-order Markov process is a process where every event is independent of every other event, i.e. the events are perfectly random. Entropy for a zero-order Markov process is calculated thus:

For a first-order Markov process, the calculation becomes:

And so on for higher-order processes. Markov processes are a useful estimate of how predictable a given password is since many common passwords are words or word combinations and thus well-described by Markov processes. A second-order Markov process would generally be an acceptable compromise between complexity and accuracy.

Markov probabilities may be calculated using publicly available databases of commonly used passwords and dictionaries of most common words in a given language; for non-English-speaking users, it is generally necessary to assess both English- language and non-English-language probabilities. Additionally, common number-letter substitutions and casing differences could be accounted for on a software level for added accuracy.

The above technical and organizational recommendations have been tried and formulated during the authors’ development of online university testing and learning systems. Salted hashing of passwords and the above approach to password quality assessment have been used by the authors in multiple systems, described in [ 9 ] and [ 10 ]; the systems have been copyrighted in [ 11-13 ].

However, it is recommended that passwords not be the only factor in a login system. Given the wide availability of mobile devices equipped with biometrics – mostly fingerprint scanners – it becomes easy to use biometrics as a true second factor, instead of OTPs or other solutions. The authors have explored the possibility of using mobile devices as a biometric authentication platform in a 2016 study [ 14 ] and developed a prototype for a mobile biometric authentication system used as an authentication module for web services. The system was designed to be fully passwordless, utilizing a common protocol to authenticate users via biometrics modules built into mobile devices and communicate with the web service requesting authentication. The prototype, copyrighted in [ 15 ], included a fingerprint module, which used an Android device’s fingerprint sensor to authenticate. 5

Password authentication has changed and evolved over the years, but the user experience has largely remained the same. However, their effectiveness is now challenged by the ever-growing number of services that require them, and the ever-stricter requirements for their complexity as the number of attacks on Internet users grows.

Passwords are easy to implement for developers of authentication systems and integrators who connect them to services. However, modern passwords should be reasonably long and mostly random, which presents challenges for users – such passwords are hard to remember, so weaker passwords are created, and later reused.

The risk of “cracking” a password in a system has mostly been eliminated, but the risk of correctly guessing a password, even if it is through brute force iteration, remains significant. Some solutions have been proposed: password management software, or different approaches to generating passwords that are easier to remember. However, the problem remains.

Today, issues with password security have largely been secured against using multifactor or multi-step authentication: the use of other means of authenticating a user in addition to their password – from simple ones like temporary codes delivered by text message or temporary time-limited passwords, to more complex solutions like biometrics or hardware token authentication.

As such, passwords will likely remain in some form as an authentication factor for a long time yet. However, the advent of widespread biometrics and an overall higher level of network security is making it possible to use passwordless and multi-factor authentication more widely than ever before. On the whole, perfect must not be the enemy of the good, but there must be a basic level of security for any system – and passwords alone are no longer sufficient.