Security involves many tradeoffs. For example, passwords are often used for authentication purposes even though a secure password is not convenient while a convenient password is not secure. This paper (and talk) will discuss (and present) what everyone needs to know about passwords, from an end-user to a system/network administrator. Relevant password cracking techniques are covered that can be used, in certain situations, to determine which users do not have secure passwords. A web-based password cracking exercise used to educate students in a general purpose security course is presented. Other related topics covered include a review of password management systems, hash-coding principles, available biometric-based password systems, etc.
