Abstract or Summary:
While research continues on more sophisticated methods of authentication, password mechanisms remain the predominant method of identifying computer system users. In this paper, the goals of authentication are reviewed, and the strengths and vulnerabilities of password mechanisms are discussed. The 4.3 Berkeley Software Distribution (4.3BSD) version of UNIX is used as a case study throughout the paper. Several recommendations are presented for the improvement of password mechanisms. In particular, a simple extension of the UNIX password system is described that permits the use of pass-phrases. Part 2/2.