Tag Authentication

Algorithmic passwords - Memorable, high entropy, and unique

Background Passwords… ugh. I would wager that passwords rank among many peoples least favorite topics, but they are an integral part of life and therefore warrant discussion. Back in 2003 NIST published authentication guidelines for the US Federal government. Those requirements are largely responsible for password requirements for the last 15 years. In typical NIST fashion the document is comprehensive, includes threat models, mitigations, and detailed requirements. For their purposes a password is referred to as a “Memorized Secret Token” and the relevant threats and mitigations are: