A password, sometimes called a passcode, is a memorized secret, typically a string of characters, usually used to confirm a user's identity. Using the terminology of the NIST Digital Identity Guidelines, the secret is memorized by a party called the claimant while the party verifying the identity of the claimant is called the verifier. When the claimant successfully demonstrates knowledge of the password to the verifier through an established authentication protocol, the verifier is able to infer the claimant's identity.
In general, a password is an arbitrary string of characters including letters, digits, or other symbols. If the permissible characters are constrained to be numeric, the corresponding secret is sometimes called a personal identification number (PIN).
Despite its name, a password does not need to be an actual word; indeed, a non-word (in the dictionary sense) may be harder to guess, which is a desirable property of passwords. A memorized secret consisting of a sequence of words or other text separated by spaces is sometimes called a passphrase. A passphrase is similar to a password in usage, but the former is generally longer for added security.
- "passcode". YourDictionary. Retrieved 17 May 2019.
- "password". Computer Security Resource Center (NIST). Retrieved 17 May 2019.
- Grassi, Paul A.; Garcia, Michael E.; Fenton, James L. (June 2017). "NIST Special Publication 800-63-3: Digital Identity Guidelines". National Institute of Standards and Technology (NIST). doi:10.6028/NIST.SP.800-63-3. Retrieved 17 May 2019. Cite journal requires
- "authentication protocol". Computer Security Resource Center (NIST). Retrieved 17 May 2019.
- "Passphrase". Computer Security Resource Center (NIST). Retrieved 17 May 2019.