Password Based Authentication
- is the process of verifying identity via username and password
- static as opposed to dynamic passwords
Password Verification Methods (authenticating on multiple servers):
1. authentication information is individually configured into every server
2. authentication storage mode - one central node stores the information and servers retrieve that information to authenticate
3. authentication facilitator mode - one central node stores the information and the server asks it whether the user input is authenticated or not

Modes 2 and 3 also require authentication of the central node.
Password Storage Methods
How the server stores the client passwords in a database
| Storage method | Notes |
|---|---|
| Store in Clear/Plaintext | vulnerable to break-in attacks |
| Store in Hashed Form | vulnerable to password-guessing attacks once the system is broken into |
| Store in Encrypted Form | password guessing is difficult as it requires trying all encryption keys, which should be impractical by design |
| Encrypt the Hashed Password | benefits from both |