
Perfect Passwords: Selection, Protection, Authentication Paperback – Illustrated, December 11, 2005

ISBN-13: 978-1597490412 ISBN-10: 1597490415 Edition: 1st

Editorial Reviews


"What is the key to coming up with a secure password? Length. Use 10 characters or more, says Mark Burnett, author of Perfect Passwords (Syngress, $26, amazon.com). "Best are passwords that consist of a few parts" - words, prefixes, spelled-out numbers. Good examples: bluebananas and skyisfalling. "They’re easy to remember, and when you’re prompted to switch your password, you can just swap out one chunk," he says. With this method, foursaltypeanuts becomes foursaltycashews." --Real Simple Magazine



Product Details

  • Paperback: 182 pages
  • Publisher: Syngress; 1 edition (December 25, 2005)
  • Language: English
  • ISBN-10: 1597490415
  • ISBN-13: 978-1597490412
  • Product Dimensions: 6.2 x 0.5 x 8.9 inches
  • Shipping Weight: 9.6 ounces
  • Average Customer Review: 4.3 out of 5 stars (9 customer reviews)
  • Amazon Best Sellers Rank: #1,619,170 in Books

Customer Reviews


Most Helpful Customer Reviews

17 of 17 people found the following review helpful By Richard Bejtlich on March 17, 2006
Format: Paperback
I never thought I would find a whole book about passwords to be interesting, but I really like Mark Burnett's Perfect Passwords. This short book (134 pages without the appendices, which can be ignored) is remarkably informative. I recommend that anyone developing password policies or security awareness training read Perfect Passwords.

The book is unique because the author bases many of his recommendations on research, not theory. He says that over the course of his consulting career he has collected somewhere between 3 and 4 million passwords. (This seems somewhat suspicious, but I suppose dropping the usernames would make that practice acceptable.) By performing statistical analysis on those millions of real passwords, the author knows exactly what makes a bad password.

Perfect Passwords does a good job dispelling common password policy myths. I was glad to hear him report that changing passwords once a month is a stupid idea. A weak password is not "protected" by a monthly change, since it can be broken in a matter of hours. Instead, use 15 or more characters in passwords, and change them less frequently (perhaps every 6 or 12 months, depending on sensitivity).

The author also rightfully criticizes "secret questions" and stand-alone biometrics. Both systems suffer an important flaw: "the answer to the question is usually a fact that will never change," like the make of your first car or your fingerprint. If secret questions must be used, add a three-digit code to the answer. With biometrics, always accompany them with a password.

I had no major problems with Perfect Passwords. I did think that 21 pages of words in Appendix B and 16 pages of numbers in Appendix C didn't serve any real purpose.
12 of 12 people found the following review helpful By Thomas Duff (Hall of Fame, Top 1000 Reviewer, Vine Voice) on February 9, 2006
Format: Paperback
Mark Burnett has probably spent more time thinking about and investigating passwords than either you or I. He takes all his accumulated experience and wisdom and offers it up in the book Perfect Passwords - Selection, Protection, Authentication.

Contents: Passwords - The Basics and Beyond; Meet Your Opponent; Is Random Really Random?; Character Diversity - Beyond the Alphabet; Password Length - Making It Count; Time - The Enemy of All Secrets; Living with Passwords; Ten Password Pointers - Building Strong Passwords; The 500 Worst Passwords of All Time; Another Ten Password Pointers Plus a Bonus Pointer; The Three Rules for Strong Passwords; Celebrate Password Day; The Three Elements of Authentication; Test Your Password; Random Seed Words; Complete Randomness; Index

If you've been around computer systems for any time, you've heard the conventional wisdom on creating secure passwords. And regardless of how many times it's said, you still get users picking the word "password" for access to the payroll system. Burnett has created an easy-to-read, easily-understood guide on how passwords work, how passwords are usually chosen, and why most of those methods are really bad. But rather than just be gloom and doom, he also presents a number of techniques for generating long passwords that are easy to remember but that will resist virtually all efforts at password cracking. For instance, passwords of 15 to 20 characters with a mix of upper case, lower case, numbers, and special characters are resistant to every known form of cracking attempt (even rainbow lists). But how do you pick a word or words that meet those criteria? Maybe you use rhyming (poor-white-dog-bite) or repetition (2bitter@2bitter.com). Visualization is pretty good, too (Frozen banana in my shoe.
10 of 12 people found the following review helpful By Roger A. Grimes on April 12, 2006
Format: Paperback
Mark has made a great, quick, must-read book on passwords. I had read a few chapters of it before it was published (my quote is on the back cover), and liked it, but the overall book should be read by all system administrators. It contains commonsense, practical advice, just more of it than most of us have thought about alone - all in one place.

I think every system administrator will see one or two of their own personal passwords in the book...which is a wake-up call.

I was able to quickly read/skim the entire book, pull out all the useful tips in under an hour while my daughter was getting her braces tightened. A complete slow read would probably take a day. I think all system administrators should buy and understand this book.

Roger A. Grimes
3 of 3 people found the following review helpful By G. Parks on December 29, 2009
Format: Paperback Verified Purchase
Review For: "Perfect Passwords: Selection, Protection, Authentication", ISBN 1597490415, by Mark Burnett, 2005

There are LOTS and LOTS of tips and tricks in this book for forming long, memorable, and hard-to-crack passwords. But if all you're interested in is the Meat and Potatoes, I can shortcut the matter and give it to you here: "The Perfect Password" has eight (8) elements to it:

1. It has UPPERCASE letters (ABC...).
2. It has lowercase letters (def...).
3. It has numbers (123...).
4. It has spaces (" ").
5. It has punctuation (.,:;-!? and the like, usually used in sentences).
6. It has symbols (@&+=>$#*^~ and the like, usually NOT used in sentences).
7. It has respelling (i.e., no words that can be found in a dictionary -- for example, using "kwean", and not "queen").
8. It has more than 15 characters, and the more the better.

That's it, Jack! If you can easily come up, on the spur of the moment, with a passphrase or password which meets ALL of these criteria, AND which is easy to remember... then YOU DON'T NEED TO BUY THIS BOOK, you've already got it made!

Otherwise, the aforementioned Tips & Tricks will come in very very handy. And not only that, it's (surprisingly!) entertaining, too -- like the anecdote about the author's 5-year-old son, whose password was:


(Shux, his son liked the letter "o", and he could count to the minimum password length of 15, so that's what the lil' kidlet tyke used, LOL!