Password Based Authentication

is a method of verifying the identity of users who want to access a system or a service.

• uses a username and a password (a secret string of characters).
• It is simple, easy to implement, and supported by most systems.
• risks: forgetting, weak strings, reuse, stolen, guessing
• risks: cracked by phishing, brute force, and dictionary attacks
• can be stored encrypted in a database, files, or vaults.
• best stored as a hash rather than encrypted, using salting and stretching.
• salting: adding a random string of characters called a salt
• stretching: applying the hashing function multiple times to each password
• transmission: Always use HTTPS (SSL or TLS). Hash the password on the client side.
• at the server side, use of the zero-knowledge technique, for instance, using SRP (Secure Remote Protocol)
•