U.S. flag

An official website of the United States government, Department of Justice.

NCJRS Virtual Library

The Virtual Library houses over 235,000 criminal justice resources, including all known OJP works.
Click here to search the NCJRS Virtual Library

Use of Passwords for Controlled Access to Computer Resources

NCJ Number
78892
Author(s)
H M Wood
Date Published
1977
Length
61 pages
Annotation
This report considers the generation of passwords and their effective application to the problem of controlling access to computer resources.
Abstract
After describing the need for and uses of passwords, the features of password schemes are categorized according to selection technique, lifetime, physical characteristics, and information content. Password protection, both in storage and transmission, is examined as are current implementations and cost considerations. The report notes that most commercial and Government time-sharing systems are continuing to rely upon passwords, which can be an effective form of personal authentication when care is taken in their selection and protection. A configuration providing a high level of security would incorporate passwords that are one-time, computer-generated, fairly unique, at least four characters long, random, encrypted when stored, and encrypted in transmission. Additional safeguards include the use of techniques such as banner lines to inform users of previous attempts at logging onto their accounts. The exact password scheme appropriate for a given system depends on the required level of security as determined by cost-risk analysis. Formal guidelines for the selection and use of password systems are needed. Tables, a glossary, figures, and over 70 references are supplied.