password method
Password methods are mechanisms for authentication. The simplest mechanism for authentication is by entering a password or passphrase. In this process, the systemchecks the input and compares it with the stored reference password.
Since passwords have certain weaknesses that are socially related to the individual or that can be determined through systematic testing, technical measures must be taken to limit possible third-party use.
In simple systems, passwords are transmitted in plain text. They are entered in plain text, transmitted, used in plain text for authentication, and stored in plain text in the database. Such systems can only be used where the database is protected against manipulation or where the input terminal is directly connected to the authentication system and the connection cannot be manipulated.
A password method with improved security properties uses one-time passwords( OTP). The procedure is more administratively complex because the one-time passwords must be stored in the authentication system, distributed to the users and managed.
Higher security is provided by password methods that apply the hash value from the password or an encryption algorithm to the password instead of the password. This method is only secure and useful when working with changing keys. This solution can be implemented using Secure Socket Layer( SSL) or Transport Layer Security( TLS) or with the challenge- response method.