Password Based Authentication
is a method of verifying the identity of users who want to access a system or a service.
- uses a username and a password (a secret string of characters).
- It is simple, easy to implement, and supported by most systems.
- risks (user side): forgotten passwords, weak or predictable strings, and reuse of one password across services (a breach of one site then unlocks the others).
- risks (attacker side): stolen through phishing, keylogging or a breached database; guessed by brute-force and dictionary attacks, either online against the login endpoint or offline against leaked hashes.
- storage: never in plaintext, and reversible encryption is not much better, since whoever obtains the key (or compromises the running server) recovers every password at once.
- best stored as a one-way hash with salting and stretching, using a purpose-built password hash (Argon2id, scrypt, bcrypt or PBKDF2); the resulting record can then live in a database, a file or a vault.
- salting: a random value (the salt, at least 16 bytes and unique per password) is combined with the password before hashing and stored next to the hash; identical passwords then produce different hashes, and precomputed tables (rainbow tables) no longer apply.
- stretching: the hash function is iterated many times (or made memory-hard, as Argon2 and scrypt are) so that every guess costs the attacker real time; tune the cost so one verification takes on the order of 100 ms on the server, and store the cost parameter with the hash so it can be raised later.
- transmission: always send the password over TLS (HTTPS; SSL is obsolete and must be disabled). Hashing on the client side alone does not protect it, because the transmitted hash simply becomes the credential and can be replayed by anyone who captures it; if client-side hashing is used, the server must still salt and hash what it receives.
- server side, stronger alternative: a PAKE such as SRP (Secure Remote Password), often described as a zero-knowledge password proof. The server stores a verifier derived from the password and a salt, the client proves knowledge of the password without ever sending it or a hash of it, and both sides derive a shared session key. A captured exchange reveals nothing about the password; a stolen verifier still permits only an offline dictionary attack, the same as a stolen hash.
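The salting and stretching described above, worked through as an added example (this is not code from the original notes). It uses only the Python standard library, PBKDF2-HMAC-SHA256 for the stretched hash, a self-describing record format `scheme$iterations$salt$digest` that I chose for this example, and an assumed iteration count of 600,000; the `salt` parameter exists only so tests can be reproducible and would not be exposed in production code.

```python
import hashlib
import hmac
import os
from typing import Optional

# Assumed cost parameters for this example: 600,000 PBKDF2-HMAC-SHA256 iterations
# (current OWASP guidance); tune so that one verification takes ~100 ms on your server.
ITERATIONS = 600_000
SALT_BYTES = 16
SCHEME = "pbkdf2_sha256"


def hash_password(password: str, iterations: int = ITERATIONS,
                  salt: Optional[bytes] = None) -> str:
    """Return a record of the form scheme$iterations$salt_hex$digest_hex.

    Salting: a fresh random salt per call, stored next to the digest.
    Stretching: the iteration count is stored too, so it can be raised later
    without breaking existing records. `salt` is accepted only for reproducible tests.
    """
    if salt is None:
        salt = os.urandom(SALT_BYTES)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"{SCHEME}${iterations}${salt.hex()}${digest.hex()}"


def verify_password(password: str, record: str) -> bool:
    """Recompute the digest with the stored salt and cost, then compare in
    constant time so response timing does not leak how many bytes matched."""
    try:
        scheme, iterations, salt_hex, digest_hex = record.split("$")
        if scheme != SCHEME:
            return False
        salt = bytes.fromhex(salt_hex)
        expected = bytes.fromhex(digest_hex)
        candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                        salt, int(iterations))
    except ValueError:  # malformed record: wrong field count, bad hex, bad int
        return False
    return hmac.compare_digest(candidate, expected)


def needs_rehash(record: str, iterations: int = ITERATIONS) -> bool:
    """True when the stored record uses a weaker cost than current policy.
    Call right after a successful login, while the plaintext is still in hand,
    and replace the record with hash_password(password)."""
    parts = record.split("$")
    if len(parts) != 4 or parts[0] != SCHEME:
        return True
    try:
        return int(parts[1]) < iterations
    except ValueError:
        return True


if __name__ == "__main__":
    # Constructed demo: two users who chose the same password.
    users = {name: hash_password("correct horse battery staple") for name in ("alice", "bob")}
    print("records differ despite same password:", users["alice"] != users["bob"])
    print("correct password accepted:", verify_password("correct horse battery staple", users["alice"]))
    print("wrong password rejected:", not verify_password("Tr0ub4dor&3", users["alice"]))
```

Verification reads the cost out of the record rather than from the global constant, which is what lets `ITERATIONS` be raised over time; `needs_rehash` is the hook that migrates old records on the next successful login.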
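The SRP exchange mentioned in the last point, with both the client's and the server's messages, as an added example that is not part of the original notes. It follows SRP-6a using SHA-256 as the hash and the 1024-bit group from RFC 5054, transcribed here from memory (check the constant against the RFC before any real use); the function names, the 32-byte ephemeral secrets and the final key comparison in place of the protocol's M1/M2 proof messages are choices made for this example, and a production system should use a vetted library rather than this sketch.

```python
import hashlib
import os

# 1024-bit group from RFC 5054 Appendix A (transcribed; verify against the RFC).
# The key-agreement algebra below holds for any modulus, but the security argument
# needs a safe prime like this one with a generator of large order.
N = int(
    "EEAF0AB9ADB38DD69C33F80AFA8FC5E86072618775FF3C0B9EA2314C9C256576"
    "D674DF7496EA81D3383B4813D692C6E0E0D5D8E250B98BE48E495C1D6089DAD1"
    "5DC7D7B46154D6B6CE8EF4AD69B15D4982559B297BCF1885C529F566660E57EC"
    "68EDBC3C05726CC02FD4CBF4976EAA9AFD5138FE8376435B9FC61D2FC0EB06E3", 16)
g = 2
N_LEN = (N.bit_length() + 7) // 8


def pad(x: int) -> bytes:
    """Fixed-width big-endian encoding, as SRP-6a requires before hashing."""
    return x.to_bytes(N_LEN, "big")


def H(*parts: bytes) -> int:
    return int.from_bytes(hashlib.sha256(b"".join(parts)).digest(), "big")


k = H(pad(N), pad(g))  # SRP-6a multiplier parameter


def private_x(username: str, password: str, salt: bytes) -> int:
    """x = H(s | H(I ":" P)); only the client ever computes this."""
    inner = hashlib.sha256(f"{username}:{password}".encode("utf-8")).digest()
    return H(salt, inner)


def register(username: str, password: str):
    """Enrolment: the server receives and stores (salt, verifier v = g^x), never the password."""
    salt = os.urandom(16)
    v = pow(g, private_x(username, password, salt), N)
    return salt, v


def client_hello():
    a = int.from_bytes(os.urandom(32), "big")  # client ephemeral secret
    return a, pow(g, a, N)                      # (a, public A)


def server_hello(v: int):
    b = int.from_bytes(os.urandom(32), "big")  # server ephemeral secret
    B = (k * v + pow(g, b, N)) % N
    return b, B                                 # (b, public B)


def client_key(username: str, password: str, salt: bytes, a: int, A: int, B: int) -> bytes:
    if B % N == 0:
        raise ValueError("server sent a degenerate B; abort")
    u = H(pad(A), pad(B))
    if u == 0:
        raise ValueError("u == 0; abort")
    x = private_x(username, password, salt)
    # B - k*g^x == g^b, so S == g^(b*(a + u*x))
    S = pow((B - k * pow(g, x, N)) % N, a + u * x, N)
    return hashlib.sha256(pad(S)).digest()


def server_key(v: int, b: int, A: int, B: int) -> bytes:
    if A % N == 0:
        raise ValueError("client sent a degenerate A; abort")
    u = H(pad(A), pad(B))
    # (A * v^u)^b == g^(b*(a + u*x)), the same S, computed without x
    S = pow((A * pow(v, u, N)) % N, b, N)
    return hashlib.sha256(pad(S)).digest()


def run_login(username: str, enrolled_pw: str, typed_pw: str) -> bool:
    """Full exchange: enrol with enrolled_pw, then log in typing typed_pw.
    Real SRP then exchanges proofs M1 = H(A|B|K) and M2 = H(A|M1|K); comparing
    the two derived keys here stands in for that step."""
    salt, v = register(username, enrolled_pw)
    a, A = client_hello()            # client -> server: username, A
    b, B = server_hello(v)           # server -> client: salt, B
    K_client = client_key(username, typed_pw, salt, a, A, B)
    K_server = server_key(v, b, A, B)
    return K_client == K_server


if __name__ == "__main__":
    print("correct password:", run_login("alice", "correct horse", "correct horse"))
    print("wrong password:", run_login("alice", "correct horse", "correct horsf"))
```

Note what crosses the wire: the username, A, the salt and B, none of which is the password or a hash of it, and the server only ever holds v. The degenerate-value checks are not optional; without them an attacker sending A = 0 (or a server sending B = 0) forces a known session key.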