Trends Report

Breaking Down Entropy And Passwords

Understanding The Fundamentals Of Effective Password Policies

October 11th, 2011
Chenxi Wang
With contributors:
Stephanie Balaouras, Eve Maler, Nick Hayes

Summary

Protecting access to information technology assets with passwords is as old as the concept of IT security itself, and passwords remain a popular means of authentication today. Each service guarded by user passwords has a password policy that determines how well those passwords resist brute-force attacks. Establishing the right password policy for your organization requires you to understand your risk profile as well as the fundamental information-theoretical concepts that determine password strength. This report breaks down these concepts within the framework of the National Institute of Standards and Technology's (NIST's) authentication levels. Information security professionals can apply these fundamentals to their policy work to determine the appropriate password length and fail-retry limit for the risk they face.
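The summary ties three quantities together: the entropy of a password, the number of online guesses a fail-retry (lockout) limit leaves an attacker over the credential's lifetime, and the maximum guessing probability a NIST authentication level tolerates. The following is an added example, not code from the report or from Forrester, that works those relationships through. It uses the NIST SP 800-63 guessing-probability targets (1 in 1024 for Level 1, 1 in 16384 for Level 2) and the SP 800-63 Appendix A entropy heuristic for user-chosen passwords; the linear decay of the dictionary-check bonus is an approximation of the published table, and the lockout policy values are constructed for illustration.

```python
import math

# NIST SP 800-63 targets for the probability that online guessing succeeds
# over the credential's lifetime: Level 1 at most 1 in 1024, Level 2 at most
# 1 in 16384.
NIST_MAX_GUESS_PROBABILITY = {1: 2.0 ** -10, 2: 2.0 ** -14}


def random_password_entropy_bits(charset_size, length):
    """Entropy of a uniformly random password: length * log2(charset size)."""
    return length * math.log2(charset_size)


def user_chosen_entropy_bits(length, composition_rule=False, dictionary_check=False):
    """SP 800-63 Appendix A heuristic for user-chosen passwords.

    First character 4 bits, characters 2-8 two bits each, characters 9-20
    1.5 bits each, beyond 20 one bit each. A composition rule (upper case plus
    non-alphabetic required) adds 6 bits. The dictionary-check bonus is
    modelled here (approximation of the published table) as 6 bits that fall
    linearly to zero at 20 characters.
    """
    if length <= 0:
        return 0.0
    bits = 4.0
    bits += 2.0 * max(0, min(length, 8) - 1)
    bits += 1.5 * max(0, min(length, 20) - 8)
    bits += 1.0 * max(0, length - 20)
    if composition_rule:
        bits += 6.0
    if dictionary_check:
        bits += max(0.0, min(6.0, 6.0 * (20 - length) / 12.0))
    return bits


def attacker_guesses(retry_limit_per_window, windows_in_lifetime):
    """Online guesses available when the fail-retry counter resets each window."""
    return retry_limit_per_window * windows_in_lifetime


def guess_success_probability(entropy_bits, guesses):
    """Chance that `guesses` attempts hit one password out of 2**entropy_bits."""
    return min(1.0, guesses / 2.0 ** entropy_bits)


def meets_nist_level(entropy_bits, guesses, level):
    """True if the policy stays within the level's guessing-probability target."""
    return guess_success_probability(entropy_bits, guesses) <= NIST_MAX_GUESS_PROBABILITY[level]


def min_entropy_bits(guesses, level):
    """Smallest entropy for which `guesses` online attempts meet the level."""
    return math.log2(guesses / NIST_MAX_GUESS_PROBABILITY[level])


def min_length_for_random_password(charset_size, guesses, level):
    """Shortest uniformly random password over `charset_size` symbols that meets the level."""
    return math.ceil(min_entropy_bits(guesses, level) / math.log2(charset_size))


if __name__ == "__main__":
    # Constructed policy: lockout after 100 failures per 30-day window,
    # two-year credential lifetime (24 windows).
    guesses = attacker_guesses(100, 24)
    print(f"attacker guesses over lifetime: {guesses}")
    for level in (1, 2):
        print(f"Level {level}: need {min_entropy_bits(guesses, level):.1f} bits; "
              f"random numeric PIN length {min_length_for_random_password(10, guesses, level)}, "
              f"random alphanumeric length {min_length_for_random_password(62, guesses, level)}")
    for length, comp, dic in ((8, False, False), (8, True, True), (12, True, True)):
        bits = user_chosen_entropy_bits(length, comp, dic)
        print(f"user-chosen {length} chars comp={comp} dict={dic}: {bits:.1f} bits, "
              f"Level 1 ok={meets_nist_level(bits, guesses, 1)}, "
              f"Level 2 ok={meets_nist_level(bits, guesses, 2)}")
```

The point the numbers make is that length and the fail-retry limit trade off: tightening the lockout from 100 to 10 failures per window cuts the attacker's budget tenfold and lowers the entropy a policy needs by about 3.3 bits, which is one decimal digit or roughly half an alphanumeric character.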


This report is available for individual purchase ($1495).
