partial password
A partial password is a mode of password authentication intended to make keystroke logging and shoulder surfing less effective.{{cite web|title="Give Me Letters 2, 3 and 6!": Partial Password Implementations & Attacks|url=http://groups.inf.ed.ac.uk/security/passwords/pps.pdf|accessdate=2015-10-14}}
By asking the user to enter only a few specific characters from their password,{{cite web|title=What is partial password verification?|accessdate=2011-03-03|work=The Co-operative Bank|url=http://ask.co-operativebank.co.uk/help/customer_services/partial_password|url-status=dead|archiveurl=https://web.archive.org/web/20110628093552/http://ask.co-operativebank.co.uk/help/customer_services/partial_password|archivedate=2011-06-28}} rather than the whole password, partial passwords help to protect the user from password theft. As only part of the password is revealed at once, it becomes more difficult to obtain the password using techniques such as keystroke logging or shoulder surfing.
A paper by David Aspinall and Mike Just describes partial password implementations and attacks in a detailed study.
In a test of 110,000 simulations using passwords longer than 8 characters, Junade Ali has noted:{{cite web |title=Banking-Grade Credential Stuffing: The Futility of Partial Password Validation |url=https://blog.cloudflare.com/banking-grade-credential-stuffing-the-true-effectiveness-of-a-partial-password-validation/ |website=The Cloudflare Blog |language=en |date=20 December 2018}}
- 58% of passwords are revealed in entirety after 7 logins, 90% after 12 and 99% after 19 logins.
- Using a dataset of 488,129 breached passwords, 58% of tested 3-character password segments were only valid for that password in the database. Additionally, 28% could be associated with only one other password and 8% with two other passwords.
Verifying partial passwords
It is considered good practice to not store passwords in plaintext.[https://cheatsheetseries.owasp.org/cheatsheets/Password_Storage_Cheat_Sheet.html Password storage] Instead, when checking a whole password, it is common to store the result of passing the password to a cryptographic hash function. As the user does not supply the whole password, it cannot be verified against a stored digest of the whole password. Some have suggested storing the digest of each combination of letters that could be requested, but they note that this results in generating and storing a large number of digests.{{cite web|title=Partial Passwords and Keystroke Loggers|accessdate=2011-03-03|url=http://www.plynt.com/blog/2005/08/partial-passwords-and-keystrok/}}{{cite web|title=Partial Passwords Done Right|url= https://magicofsecurity.com/partial-passwords-done-right/ |accessdate=2022-12-30}} A better solution in terms of storage space and security is using a secret sharing scheme.[http://www.smartarchitects.co.uk/news/22/67/Update-to-Partial-Passwords.html Update to Partial Passwords]
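The following sketch illustrates one way a secret sharing scheme can verify a partial password without storing plaintext or per-combination digests. It is an added example, not code from any of the cited sources. It uses a Shamir-style polynomial, and the field modulus, the value K = 3, the PBKDF2 parameters and all function names are assumptions chosen for illustration.

```python
import hashlib, hmac, secrets

P = 2**127 - 1   # prime field modulus (assumed choice)
K = 3            # characters requested per login (assumed)

def _mask(salt: bytes, pos: int, ch: str) -> int:
    # Slow salted hash of (position, character), reduced to a field element.
    d = hashlib.pbkdf2_hmac("sha256", f"{pos}:{ch}".encode(), salt, 10_000)
    return int.from_bytes(d, "big") % P

def _eval(coeffs, x):
    # Horner evaluation of the polynomial at x, mod P.
    y = 0
    for c in reversed(coeffs):
        y = (y * x + c) % P
    return y

def enroll(password: str) -> dict:
    if len(password) < K:
        raise ValueError("password shorter than the number of requested characters")
    salt = secrets.token_bytes(16)
    coeffs = [secrets.randbelow(P) for _ in range(K)]  # degree K-1, coeffs[0] is the secret
    # One share per position, stored only after masking it with that position's character.
    masked = [(_eval(coeffs, i + 1) - _mask(salt, i, ch)) % P
              for i, ch in enumerate(password)]
    check = hashlib.sha256(salt + coeffs[0].to_bytes(16, "big")).digest()
    return {"salt": salt, "masked": masked, "check": check}

def verify(record: dict, answers: dict) -> bool:
    # answers maps a 0-based position to the character the user typed there.
    if len(answers) != K or any(not 0 <= p < len(record["masked"]) for p in answers):
        return False
    pts = [(p + 1, (record["masked"][p] + _mask(record["salt"], p, ch)) % P)
           for p, ch in answers.items()]
    secret = 0
    for xi, yi in pts:  # Lagrange interpolation at x = 0 recovers the secret
        num = den = 1
        for xj, _ in pts:
            if xj != xi:
                num = num * (-xj) % P
                den = den * (xi - xj) % P
        secret = (secret + yi * num * pow(den, -1, P)) % P
    got = hashlib.sha256(record["salt"] + secret.to_bytes(16, "big")).digest()
    return hmac.compare_digest(got, record["check"])
```

The stored record holds one field element per password character rather than one digest per combination of positions. Because any K correct characters suffice to verify, the record can still be tested offline against K-character guesses and needs the same protection as a password database.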
References
{{Reflist}}