The Password Authentication Protocol (PAP) sends passwords unencrypted over a network and is insecure. It has been replaced by more secure protocols like CHAP and EAP, which use encryption techniques for authentication. CHAP uses a three-way handshake and a shared secret, while EAP is an authentication framework that supports multiple authentication methods.
PAP is a way to send passwords over a network. Passwords are sent unencrypted after an initial connection is made with the remote computer. This protocol is not considered secure and is only used when connecting to an older Unix computer that does not support more secure authentication.
The initial connection is made via a two-way handshake. Once the initial connection is established, the client sends the ID/password pair to the remote server, and keeps resending the authentication request until it is acknowledged or the connection is terminated. To accept the password, the remote server sends a PAP packet with the code set to authenticate-acknowledgement (Authenticate-Ack). If the password is not accepted, the remote server sends a PAP packet with the code set to authenticate-nak (Authenticate-Nak) and the connection is terminated.
PAP is considered an insecure method of transmitting passwords. Passwords cross the network in plain text inside Point-to-Point Protocol (PPP) packets, so anyone who can capture the traffic can read them. There are no safeguards to protect the password from sniffing, replay, or trial-and-error attacks. Also, the client alone controls the frequency and timing of authentication attempts, so the server has no say in how quickly a password can be retried.
PAP has been superseded by more secure protocols such as the Challenge Handshake Authentication Protocol (CHAP) and the Extensible Authentication Protocol (EAP). Most secure protocols use encryption techniques for authentication purposes. CHAP is used by PPP servers. EAP is used by both wireless networks and point-to-point connections.
CHAP verifies the client's identity using a three-way handshake and a shared secret. After the initial connection is established, the remote server sends a challenge message to the client. The client computes a one-way hash over the challenge combined with the shared secret and sends the resulting hash value to the server.
The server compares the received value against the value it calculated itself and acknowledges the connection if the two match. If the hash values don't match, the connection is terminated. This challenge-response procedure is repeated at random intervals for as long as the client and server remain connected, so the client must keep proving it holds the secret.
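The two mechanisms described above, as an added example that is not part of the original article: a PAP Authenticate-Request built per RFC 1334 (password visible in the packet bytes) beside a CHAP exchange per RFC 1994, whose MD5 response is MD5(Identifier || secret || Challenge), with the server issuing a fresh single-use challenge so a captured response cannot be replayed. Names, the 16-byte challenge length and the sample secret are constructed for illustration.

```python
import hashlib
import hmac
import os
import struct

# PAP Authenticate-Request (RFC 1334): Code=1, Identifier, Length, then
# Peer-ID-Length, Peer-ID, Passwd-Length, Passwd. The password travels in
# the clear inside the PPP frame, exactly as the article describes.
def pap_authenticate_request(ident: int, peer_id: bytes, password: bytes) -> bytes:
    body = bytes([len(peer_id)]) + peer_id + bytes([len(password)]) + password
    return struct.pack("!BBH", 1, ident, 4 + len(body)) + body

# CHAP response value (RFC 1994, MD5 algorithm): MD5(Identifier || secret || Challenge).
# The secret never leaves the client; only this one-way hash is sent.
def chap_response_value(ident: int, secret: bytes, challenge: bytes) -> bytes:
    return hashlib.md5(bytes([ident]) + secret + challenge).digest()

class ChapAuthenticator:
    # Server side of the three-way handshake: challenge, receive response, verify.
    def __init__(self, secrets: dict):
        self.secrets = secrets          # peer name -> shared secret
        self.outstanding = {}           # identifier -> challenge issued

    def challenge(self, ident: int) -> bytes:
        chal = os.urandom(16)           # fresh random challenge every time (constructed length)
        self.outstanding[ident] = chal
        return chal

    def verify(self, ident: int, name: str, response: bytes) -> bool:
        chal = self.outstanding.pop(ident, None)   # each challenge is single-use
        secret = self.secrets.get(name)
        if chal is None or secret is None:
            return False
        expected = chap_response_value(ident, secret, chal)
        return hmac.compare_digest(expected, response)  # Success (True) or Failure

def demo() -> dict:
    secret = b"s3cret-shared"   # constructed sample secret / password
    pap_pkt = pap_authenticate_request(1, b"alice", secret)
    server = ChapAuthenticator({"alice": secret})
    chal = server.challenge(7)
    resp = chap_response_value(7, secret, chal)
    first = server.verify(7, "alice", resp)
    # Re-sending the captured response against a new challenge does not pass:
    server.challenge(8)
    replay = server.verify(8, "alice", resp)
    return {"pap_password_visible": secret in pap_pkt,
            "chap_secret_visible": secret in resp,
            "chap_ok": first, "replay_ok": replay}
```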
The Extensible Authentication Protocol is an authentication framework, not an actual authentication protocol. EAP only defines the message format and provides common functions and the negotiation of authentication methods. A number of EAP methods (often called EAP protocols) are defined both in Requests for Comments (RFCs) and by specific vendors.