Editing Password (section)

{{Use dmy dates|date=October 2023}}
{{Short description|Text used for user authentication to prove identity}}
{{Other uses}}
{{Redirect|Passcode|the Japanese idol group|Passcode (group)}}
{{For|assistance with your Wikipedia password|Help:Reset password|selfref=yes}}
[[File:Mediawiki_1.25_sign_in_form.png|thumb|right|A password field in a sign-in form]]
A '''password''', sometimes called a '''passcode''', is secret data, typically a string of characters, usually used to confirm a user's identity. Traditionally, passwords were expected to be [[memorized]],<ref>{{Cite journal |last1=Ranjan |first1=Pratik |last2=Om |first2=Hari |date=6 May 2016 |title=An Efficient Remote User Password Authentication Scheme based on Rabin's Cryptosystem |url=http://link.springer.com/10.1007/s11277-016-3342-5 |journal=Wireless Personal Communications |language=en |volume=90 |issue=1 |pages=217–244 |doi=10.1007/s11277-016-3342-5 |s2cid=21912076 |issn=0929-6212}}</ref> but the large number of password-protected services that a typical individual accesses can make memorization of unique passwords for each service impractical.<ref name="nordpass100">{{cite web|url=https://securitybrief.co.nz/story/average-person-has-100-passwords-study |title=Average person has 100 passwords - study|date=21 October 2020|first=Shannon |last=Williams|work=SecurityBrief New Zealand |publisher=NordPass|access-date=28 April 2021}}</ref> Using the terminology of the NIST Digital Identity Guidelines,<ref name="NIST-SP-800-63-3">{{cite journal |last1=Grassi |first1=Paul A. |last2=Garcia |first2=Michael E. |last3=Fenton |first3=James L. |title=NIST Special Publication 800-63-3: Digital Identity Guidelines |url=https://pages.nist.gov/800-63-3/sp800-63-3.html |publisher=[[National Institute of Standards and Technology]] (NIST) |access-date=17 May 2019 |date=June 2017 |doi=10.6028/NIST.SP.800-63-3|doi-access=free }}</ref> the secret is held by a party called the ''claimant'' while the party verifying the identity of the claimant is called the ''verifier''. When the claimant successfully demonstrates knowledge of the password to the verifier through an established [[authentication protocol]],<ref>{{cite web |title=authentication protocol |url=https://csrc.nist.gov/glossary/term/authentication-protocol |publisher=Computer Security Resource Center (NIST) |access-date=17 May 2019 |archive-date=17 May 2019 |archive-url=https://web.archive.org/web/20190517125842/https://csrc.nist.gov/glossary/term/authentication-protocol |url-status=dead }}</ref> the verifier is able to infer the claimant's identity.

In general, a password is an arbitrary [[String (computer science)|string]] of [[character (computing)|characters]] including letters, digits, or other symbols. If the permissible characters are constrained to be numeric, the corresponding secret is sometimes called a [[personal identification number]] (PIN).

Despite its name, a password does not need to be an actual word; indeed, a non-word (in the dictionary sense) may be harder to guess, which is a desirable property of passwords. A memorized secret consisting of a sequence of words or other text separated by spaces is sometimes called a [[passphrase]]. A passphrase is similar to a password in usage, but the former is generally longer for added security.<ref>{{cite web |title=Passphrase |url=https://csrc.nist.gov/glossary/term/Passphrase |publisher=Computer Security Resource Center (NIST) |access-date=17 May 2019}}</ref>