In computing, a password is a word or string of characters that is entered, often along with a user name, in modern times usually into a computer system to log in, or to gain access to some resource. Passwords are a common form of authentication. Full security requires that the password be kept secret from those not allowed access.

The use of passwords is known to be ancient. Sentries would challenge those wishing to enter an area or approaching it to supply a password or watchword. Sentries would only allow a person or group to pass if they knew the password. In modern times, passwords are used to control access to protected computer operating systems, mobile phones, cable TV decoders, automated teller machines (ATMs), etc. A typical computer user may require passwords for many purposes: logging in to computer accounts, retrieving e-mail from servers, accessing programs, databases, networks, web sites, and even reading the morning newspaper online.

Despite the name, there is no need for passwords to be actual words; indeed passwords which are not actual words are harder to guess, a desirable property. Some passwords are formed from multiple words and are more accurately called a passphrase. The term passcode is sometimes used when the secret information is purely numeric, such as the personal identification number (PIN) commonly used for ATM access. Passwords are generally short enough to be memorized.

Designing a personal, user-friendly password

Passwords vary in their degree of security protection, frequency of change, and typically vary in required characteristics (eg, minimum and maximum lengths, permitted characters, etc) from system to system. The most public, and therefore least secure, password might be one that is given to members of a group, a committee or some other organization. For instance, "publiclibrary", "internet", "AAAfinancecommittee" or "password" are all examples of easily remembered passwords, more or less publicly knowable passwords.

Less easily attacked passwords might be built from such a basic form, for instance, "smith12nov34street" or "AAAchairpersonSUE". These are slightly more secure, but being relatively easily predictable should not be relied upon to actually block unauthorized access. Effective access control requires passwords which are more difficult to guess or to find automatically, less publicly knowable (ideally not at all), and these are the subject of much of the rest of this article. One method of creating passwords that are memorable, but harder to attack successfully is to use selective substitution of numbers for letters, e.g. 'I' is replaced by '1', 'E' by '3' etc. This becomes even more secure if the numbers are 'shifted' on the keyboard. In this instance, the number '1' might be replaced by '!', assuming '!' is a permitted character in passwords on the relevant system.

Factors in the security of a password system