Passwords are primarily used as a way of accessing information and also limiting the number of users who can get access to a machine. They are primarily used with a username for the authorization system. Sometimes people use keys instead of passwords due to the increased strength of the keys.
- Stackoverflow.com Wiki
Preventing weak passwords by reading your mind
You see, the world of forgotten passwords is actually a little murky. There are plenty of different perfectly legitimate angles and a bunch of pretty bad ones as well. Chances are you’ve experienced each many times as an end user so let me try and draw on some of these examples to see who’s doing it well, who’s not and what you need to focus on to get it right in your app.
A user’s account on a website is like a house. The password is the key, and logging in is like walking through the front door. When a user can’t remember their password, it’s like losing their keys. When a user’s account is hacked, it’s like their house is getting broken into.
123456, password, rootkit, 111111, 12345678, qwerty, 123456789, 123123, qwertyui, letmein, 12345, 1234, abc123, dvcfghyt, 0, r00tk1t, москва, 1234567, 1234567890, 123, fuckyou, 11111111, master, aaaaaa, 1qaz2wsx
Of the many, many, many bad things about passwords, you know what the worst is? Password rules.
In the beginning, things were simple: you had two strings (a username and a password) and if someone knew both of them, they could log in. Easy.
Bill Burr, a manager at the National Institute of Standards and Technology (NIST), wrote a password primer in 2003 that recommended many of the rules we have now: special characters, capitals and numbers. He also added a recommendation that they be updated regularly (THANKS, BILL).
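To make the contrast between the 2003-style composition rules and a length-plus-denylist policy concrete, here is an added example (not code from any of the authors quoted above). It assumes a denylist built from the common-password list quoted on this page, an assumed minimum length of 8, and constructed sample passwords; a real deployment would use a far larger list of leaked passwords.

```python
"""Two ways to reject a candidate password, side by side.

composition_rule_check() applies the classic rules (upper, lower, digit,
special character); denylist_check() applies a minimum length plus a
lookup against known-common passwords, compared after Unicode
normalisation and case folding so trivial variants do not slip through.
"""
import string
import unicodedata

# Constructed denylist: the common-password list quoted on this page.
COMMON_PASSWORDS = frozenset({
    "123456", "password", "rootkit", "111111", "12345678", "qwerty",
    "123456789", "123123", "qwertyui", "letmein", "12345", "1234",
    "abc123", "dvcfghyt", "0", "r00tk1t", "москва", "1234567",
    "1234567890", "123", "fuckyou", "11111111", "master", "aaaaaa",
    "1qaz2wsx",
})

MIN_LENGTH = 8  # assumed policy value for this example


def composition_rule_check(password: str) -> list[str]:
    """Return the list of composition rules violated (empty means accepted)."""
    failures = []
    if len(password) < MIN_LENGTH:
        failures.append("too short")
    if not any(c.isupper() for c in password):
        failures.append("no uppercase letter")
    if not any(c.islower() for c in password):
        failures.append("no lowercase letter")
    if not any(c.isdigit() for c in password):
        failures.append("no digit")
    if not any(c in string.punctuation for c in password):
        failures.append("no special character")
    return failures


def denylist_check(password: str) -> list[str]:
    """Return the list of policy failures under length + denylist (empty means accepted)."""
    failures = []
    # NFKC folds compatibility forms; casefold() handles case so "R00TK1T" hits "r00tk1t".
    normalised = unicodedata.normalize("NFKC", password).casefold()
    if len(normalised) < MIN_LENGTH:
        failures.append("too short")
    if normalised in COMMON_PASSWORDS:
        failures.append("on common-password list")
    return failures


def evaluate(password: str) -> dict[str, list[str]]:
    """Run both policies so the two verdicts can be compared side by side."""
    return {
        "composition": composition_rule_check(password),
        "denylist": denylist_check(password),
    }


if __name__ == "__main__":
    # Constructed samples: one from the quoted list, one case variant of a
    # quoted entry, and one long passphrase that the old rules would reject.
    for candidate in ("12345678", "R00TK1T", "lamp orchard velvet tundra"):
        print(repr(candidate), evaluate(candidate))
```

Running the block shows the mismatch the quoted text complains about: "12345678" satisfies the length rule and is only caught by the denylist, while the long passphrase is rejected by every composition rule yet accepted by the length-plus-denylist policy.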