A password is a secret word or sequence of characters used to prove identity to a system or service. In digital contexts it functions as a credential in an authentication process: a user presents a password and the system checks whether it matches an expected value. Passwords may be created and remembered by people or generated and stored by software; their security depends on secrecy, unpredictability and how they are handled by both users and systems.
Characteristics and types
Passwords vary in form and lifecycle. A static password remains the same across sessions until changed by the user or administrator. A dynamic password changes regularly or is valid for only a short period. A special type of dynamic credential is a one-time pad or one-time password: it can be used once and then discarded. Passwords may include letters, numbers, symbols and spaces; some systems permit passphrases—longer, natural-language sequences that are easier to remember while providing higher entropy.
How passwords are stored and verified
Good practice avoids storing passwords in clear text. Systems typically store a derived representation produced by a cryptographic hash function, often combined with a unique salt. During login, the supplied password is transformed the same way and compared with the stored value. Modern deployments use slow, memory-hard hashing algorithms to make bulk guessing harder. Password managers and secure vaults help users maintain many unique passwords without reusing them across services.
Common threats and mitigations
- Brute-force and guessing: attackers try many combinations; defenses include rate limiting and account lockout.
- Credential stuffing: reused passwords from breached services used elsewhere; mitigation: unique passwords per account.
- Phishing and social engineering: tricking users into disclosing passwords; mitigation: user education and multi-factor authentication.
- Storage breaches: stolen databases can expose hashed passwords; mitigations include strong hashing, salting and rapid breach response.
History and cultural role
Passwords have been used for access control for centuries, from spoken watchwords to mechanical locks. In computing, they were among the earliest methods of restricting access and remain widespread because of their simplicity and user familiarity. Over time, security communities have emphasized combining passwords with additional factors—something you have or are—to reduce reliance on a single secret.
When creating or managing passwords, prefer unique, high-entropy credentials stored in a reputable manager, enable multi-factor authentication where available, and follow service guidance on password recovery and rotation. Organizations balance usability and security through policy, education and technology to reduce the risk associated with compromised or weak passwords.