why do we need to authenticate usersSolutionCase 1 prompting

why do we need to authenticate users?

Solution

Case 1 (prompting username and password)

Let the length of username and password be n/2 characters each. Since the username is exposed to the public, the probability of success to break the password is one over x^(n/2).

Case 2 (prompting password only)

Let the length of the password be n characters. The probability of success to break the password is one over x^n.

I think the issue is in requiring passwords to be unique. If I entered my desired password, and you told me I can\'t use it, it\'s already in use, then I know that I can log in to a random persons account with the password that I would have wanted.

So, you need a username, which is unique, and can be known to everyone. Then you have a personal password, which is not necessarily unique, making even harder to guess.

While you are at it, hash and salt that password.