Breaking Down Entropy And Passwords
Understanding The Fundamentals Of Effective Password Policies
October 11, 2011
Why Read This Report
Protecting access to information technology assets by using passwords is as old as the concept of IT security itself. Today, passwords remain a popular means of authentication. Each service guarded by user passwords has a password policy that determines the strength of the password against brute-force attacks. Establishing the right password policy for your organization requires you to understand your risk profile as well as the fundamental information-theoretical concepts that determine the password strength. This report breaks down these concepts in the framework of the National Institute of Standards and Technologies' (NIST's) authentication levels. Information security professionals can adapt the fundamentals to their policy work to determine the appropriate password length and fail-retry limit for the risk they are facing.
Already a Client?
Log in to read this document.
Become a Forrester Client
Customers are the new market-makers, reshaping industries and changing how businesses compete and win. Success depends on how well and how fast you respond. Forrester Research gives you insights and frameworks aligned to your role to shorten the time between a great idea and a great outcome, helping your teams win in the age of the customer. Contact us to learn more.
This report is available for individual purchase ($499 USD).Purchase
Table of Contents
- User Password: A Common Security Control Often Taken For Granted
- The Right Password Policy Requires An Understanding Of The Fundamentals
- Choose The Proper Password Length And Retry Limit For Your Risk Profile
- Entropy Is Your Friend — Get To Know It!
- Related Research Documents