We are independent & ad-supported. We may earn a commission for purchases made through our links.
Advertiser Disclosure
Our website is an independent, advertising-supported platform. We provide our content free of charge to our readers, and to keep it that way, we rely on revenue generated through advertisements and affiliate partnerships. This means that when you click on certain links on our site and make a purchase, we may earn a commission. Learn more.
How We Make Money
We sustain our operations through affiliate commissions and advertising. If you click on an affiliate link and make a purchase, we may receive a commission from the merchant at no additional cost to you. We also display advertisements on our website, which help generate revenue to support our work and keep our content free for readers. Our editorial team operates independently of our advertising and affiliate partnerships to ensure that our content remains unbiased and focused on providing you with the best information and recommendations based on thorough research and honest evaluations. To remain transparent, we’ve provided a list of our current affiliate partners here.
Security

Our Promise to you

Founded in 2002, our company has been a trusted resource for readers seeking informative and engaging content. Our dedication to quality remains unwavering—and will never change. We follow a strict editorial policy, ensuring that our content is authored by highly qualified professionals and edited by subject matter experts. This guarantees that everything we publish is objective, accurate, and trustworthy.

Over the years, we've refined our approach to cover a wide range of topics, providing readers with reliable and practical advice to enhance their knowledge and skills. That's why millions of readers turn to us each year. Join us in celebrating the joy of learning, guided by standards you can trust.

What is Password Authentication Protocol?

By Kristen Grubb
Updated: May 16, 2024
Views: 8,625
Share

Password authentication protocol is a way of sending passwords over a network. The passwords are sent unencrypted after an initial link is made with the remote computer. This protocol is not considered safe and is used only when connecting to an older Unix computer that does not support more secure authentication.

The initial connection is made through a two-way handshake. Once the initial link is established and then the ID/password pair is sent to the remote server. The authentication request is sent repeatedly from the client until the request is acknowledged or terminated. To accept the password, the remote server must transmit a password authentication protocol packet with the code set to authenticate-ack. If the password is not accepted, the remote server must transmit a password authentication protocol packet with the code set to authenticate-nak and the connection is terminated.

The password authentication protocol is considered an insecure method of transmitting passwords. The passwords are sent across the network in plain text form and are easily readable from the Point-to-Point Protocol (PPP) packets. There are no protection devices in place to secure the password from password sniffing, playback or trial-and-error attacks. Also, the client is in charge of the frequency and timing of the password connection attempts.

Password authentication protocol has been outmoded by more secure protocols such as the Challenge Handshake Protocol (CHAP) and the Extensible Authentication Protocol (EAP). The more secure protocols use encryption techniques for authentication purposes. CHAP is used by PPP servers. EAP is used by both wireless networks and point-to-point connections.

The Challenge Handshake Protocol verifies the identity of the client via a three-way handshake and a shared secret. After the initial link is established, the remote server sends a challenge message to the client. The client calculates a one-way hash function that combines the challenge and the secret and sends the hash function back to the server.

The server checks the value against its own calculated value and acknowledges the connection if it matches. If the hash values do not match, the connection is terminated. This procedure is repeated at random intervals while the client and server are connected.

The Extensible Authentication Protocol is an authentication framework, not a true authentication protocol. EAP only defines the message format and provides common functions and negotiation of authentication methods. There are a large number of EAP protocols defined by both Request for Comments (RFCs) and by specific vendors.

Share
EasyTechJunkie is dedicated to providing accurate and trustworthy information. We carefully select reputable sources and employ a rigorous fact-checking process to maintain the highest standards. To learn more about our commitment to accuracy, read our editorial process.
Discussion Comments
Share
https://www.easytechjunkie.com/what-is-password-authentication-protocol.htm
Copy this link
EasyTechJunkie, in your inbox

Our latest articles, guides, and more, delivered daily.

EasyTechJunkie, in your inbox

Our latest articles, guides, and more, delivered daily.