Password Based Authentication

Password Based Authentication is a method of verifying the identity of users who want to access a system or a service.

  • It uses a username and a password (a secret string of characters).
  • It is simple, easy to implement, and supported by most systems.
  • Risks on the user side: passwords can be forgotten, chosen weak, reused across services, stolen, or guessed.
  • Risks on the attacker side: passwords can be captured by phishing or cracked by brute-force and dictionary attacks.
  • Passwords can be stored encrypted in a database, in files, or in vaults.
  • They are best stored as a hash rather than encrypted, using salting and stretching.
  • Salting: adding a random string of characters, called a salt, to each password before hashing, so that two users with the same password get different hashes and precomputed lookup tables do not apply.
  • Stretching: applying the hashing function many times to each password, which makes every guess an attacker has to try correspondingly slower; purpose-built functions such as PBKDF2, bcrypt, scrypt and Argon2 do this.
  • Transmission: always use HTTPS (SSL or TLS). Hashing the password on the client side is an additional measure, but it does not replace hashing on the server, since the transmitted hash would otherwise become the effective password.
  • On the server side, consider a zero-knowledge technique, for instance SRP (Secure Remote Password), so the server never has to receive the plaintext password.
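The salting and stretching described above, as an added example that is not part of the original post: a self-describing stored record, constant-time verification, and a check for records that predate the current iteration policy. It uses only the Python standard library (PBKDF2-HMAC-SHA256); the parameter values are illustrative assumptions, not a recommendation from the page.

```python
import hashlib
import hmac
import os
from typing import Optional

# PBKDF2-HMAC-SHA256 with a per-password random salt (the "salting" above) and a
# high iteration count (the "stretching" above). Parameter values are illustrative.
ALGO = "pbkdf2_sha256"
ITERATIONS = 600_000
SALT_BYTES = 16


def naive_hash(password: str) -> str:
    """Unsalted, single-pass hash: equal passwords give equal hashes, so a leaked
    table can be attacked with precomputed lookups. Shown only for contrast."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def hash_password(password: str, salt: Optional[bytes] = None,
                  iterations: int = ITERATIONS) -> str:
    """Return a self-describing record: algo$iterations$salt_hex$digest_hex."""
    if salt is None:
        salt = os.urandom(SALT_BYTES)  # fresh random salt for every password
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"{ALGO}${iterations}${salt.hex()}${digest.hex()}"


def verify_password(password: str, record: str) -> bool:
    """Recompute the digest with the stored salt and iteration count, then compare
    in constant time so the comparison does not leak how many bytes matched."""
    try:
        algo, iter_str, salt_hex, digest_hex = record.split("$")
        if algo != ALGO:
            return False
        salt, expected = bytes.fromhex(salt_hex), bytes.fromhex(digest_hex)
        iterations = int(iter_str)
    except ValueError:
        return False  # malformed record: fail closed
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return hmac.compare_digest(candidate, expected)


def needs_rehash(record: str, min_iterations: int = ITERATIONS) -> bool:
    """True when a stored record was made with fewer iterations than current policy
    (or is unreadable), so it can be upgraded at the user's next successful login."""
    try:
        algo, iter_str, _salt_hex, _digest_hex = record.split("$")
        return algo != ALGO or int(iter_str) < min_iterations
    except ValueError:
        return True
```

Because the iteration count and salt travel inside the record, the policy can be raised later without invalidating existing logins: verify with the stored parameters, then rehash when `needs_rehash` reports an old record.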
