This guide describes password guidance and recommendations for users of online applications that require authentication. It establishes a set of user-focused recommendations for creating and storing passwords, including balancing password strength and usability. A related guide, Modern password security for system designers, offers guidance for the engineers who build online applications that require authentication.
The technology world has been trying to improve on the password since the early days of computing. Shared-knowledge authentication is problematic, because information can fall into the wrong hands or be forgotten. The problem is magnified by systems that don't support real-world secure use cases and by the all-too-common decision of end users to take shortcuts.
Overview
This document outlines the following:
- Trusted sources of thoughtful and researched information about password security
- Recommendations for end-user password hygiene
- Common anti-patterns and myths around password security
- Additional technologies to explore
To read the full white paper, click the button: