In this very long chapter, we have attempted to do justice to one of the most vexing topics in computer security from the days of the infancy of the field to todaypasswords. By now, you probably know there are no easy solutions, and you are hopefully a lot less likely to use absolutes such as "this is a strong password." When it comes down to it, we really do not know very much about what constitutes a really strong password, because it really depends on the state of the art in attacks, and that is a field we have not explored with scientific rigor yet. You also know a lot about how passwords are stored and used in Windows and how to avoid some of the common pitfalls with passwords. Finally, we briefly covered multifactor authentication, which is the topic of entire books. The interested reader is referred to the vast literature on that subject.