Isn't a password a form of security through obscurity?

臣服心动 2021-02-05 03:24

I know that security through obscurity is frowned upon and considered not really secure, but isn't a password security through obscurity? It's only secure so long as no one f

8 answers
  •  暖寄归人
    2021-02-05 04:03

    Passwords are a form of authentication. They are meant to identify that you are interacting with who you are supposed to interact with.

    Here is a nice model of the different aspects of security (I had to memorize this in my security course)

    http://en.wikipedia.org/wiki/File:Mccumber.jpg

    Passwords are an aspect of the confidentiality aspect of security.

    While probably the weaker of the forms of authentication (something you know, something you have, something you are), I would still say that it does not constitute security through obscurity. With a password, you are not trying to mask a facet of the system to try to keep it hidden.

    Edit:

    If you follow the reasoning that passwords are also a means of "security through obscurity" to its logical end, then all security, including things like encryption, is security through obscurity. Then that means the only system that is not secured through obscurity is one that is surrounded in concrete and sunk to the ocean floor, no one ever being allowed to use it. This reasoning, however, is not conducive to getting anything done. Therefore we use security through obscurity to describe practices that use not understanding the implementation of a system as a means of security. With passwords, the implementation is known.
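
The distinction drawn in the answer above, shown as an added example that is not part of the original answer: a password check whose algorithm and stored record can be fully disclosed, next to a constructed scheme that depends on its rule staying unread. All function names, the iteration count and the toy rule are assumptions made for illustration.

```python
import hashlib
import hmac
import os

# Public parameters: assume an attacker knows the algorithm, the iteration
# count and every stored record. The count is an example value chosen here.
ITERATIONS = 100_000

def enroll(password: str) -> dict:
    """Build the stored record; nothing in it needs to stay hidden."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return {"alg": "pbkdf2-sha256", "iter": ITERATIONS,
            "salt": salt.hex(), "hash": digest.hex()}

def verify(record: dict, candidate: str) -> bool:
    """Recompute from the public record and compare in constant time."""
    digest = hashlib.pbkdf2_hmac("sha256", candidate.encode(),
                                 bytes.fromhex(record["salt"]), record["iter"])
    return hmac.compare_digest(digest, bytes.fromhex(record["hash"]))

def obscure_check(token: str) -> bool:
    """Constructed 'secret scheme': accept any token whose byte sum is a
    multiple of 97. Its only protection is that nobody has read this rule."""
    return sum(token.encode()) % 97 == 0

def token_from_known_rule() -> str:
    """With the rule disclosed, a passing token follows from the rule alone."""
    n = 0
    while not obscure_check(str(n)):
        n += 1
    return str(n)

if __name__ == "__main__":
    record = enroll("correct horse battery staple")
    print("disclosed record:", record)
    print("right password:", verify(record, "correct horse battery staple"))
    print("wrong password:", verify(record, "Tr0ub4dor&3"))
    print("obscure scheme, rule disclosed:", obscure_check(token_from_known_rule()))
```

Disclosing the code and the record leaves `verify` dependent on the password, while disclosing the rule behind `obscure_check` leaves nothing secret at all.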
