
Why the Old Password Authentication Protocol Sucks?

Discover why relying on old password authentication protocols (PAP) is problematic and explore more secure alternatives. Read our insightful article now.
by Rista Fathika
May 12, 2023

Have you ever heard of the Password Authentication Protocol (PAP)? It is one of the methods used to verify the identity of a user, system, or device, so that only authorized devices and users can access protected resources.

Several authentication protocols are in use today, each with its own characteristics. Read on for what the password authentication protocol is, why it is considered weak, and the protocols commonly used in its place:

What is Password Authentication Protocol?

Before looking at the alternatives, it is important to know the password authentication protocol definition first. The Password Authentication Protocol (PAP) is an authentication protocol used on Point-to-Point Protocol (PPP) links and specified in RFC 1334. It is about as basic as a protocol can be: the peer sends its username and password to the remote server in an Authenticate-Request, and the server answers with an Ack or a Nak. PAP neither hashes nor encrypts anything; the username and password cross the link as plain text, so anyone who can observe the link can read them and reuse them later.

This article also looks at password authentication protocol advantages and disadvantages. The advantages of PAP are simplicity and compatibility: it works with the user accounts and passwords the operating system already has, needs almost no additional configuration, and because the server receives the actual password it can check it against a salted, hashed store rather than having to keep secrets in cleartext.

The disadvantages outweigh that. PAP is a single factor, the password travels in the clear, nothing prevents a captured request from being replayed, and it gives no protection by itself against online guessing. It should only ever be used inside a tunnel that already provides confidentiality and integrity (for example TLS or IPsec), and better protocols exist for almost every case.
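To make the plain-text point concrete, here is an added example (written for this edit, not code from the article or from Fazpass) that encodes and decodes a PAP Authenticate-Request in the RFC 1334 layout and then checks it the way an authenticator would. The credentials, identifier and user database are constructed sample values.

```python
import hmac
import struct

# Code values from RFC 1334 section 2 (PAP packet format).
PAP_AUTH_REQUEST = 1
PAP_AUTH_ACK = 2
PAP_AUTH_NAK = 3


def build_authenticate_request(identifier: int, peer_id: bytes, password: bytes) -> bytes:
    """Encode a PAP Authenticate-Request.

    Layout: Code(1) Identifier(1) Length(2) Peer-ID-Length(1) Peer-ID
            Passwd-Length(1) Password.  Nothing here is hashed or encrypted.
    """
    if len(peer_id) > 255 or len(password) > 255:
        raise ValueError("PAP length fields are one byte")
    body = bytes([len(peer_id)]) + peer_id + bytes([len(password)]) + password
    return struct.pack("!BBH", PAP_AUTH_REQUEST, identifier, 4 + len(body)) + body


def parse_authenticate_request(packet: bytes) -> dict:
    """Decode an Authenticate-Request the way an on-path observer would.

    No secret is needed: the password is read straight out of the bytes.
    """
    if len(packet) < 6:
        raise ValueError("packet too short")
    code, identifier, length = struct.unpack("!BBH", packet[:4])
    if code != PAP_AUTH_REQUEST or length != len(packet):
        raise ValueError("not a well-formed PAP Authenticate-Request")
    pos = 4
    id_len = packet[pos]
    peer_id = packet[pos + 1:pos + 1 + id_len]
    pos += 1 + id_len
    if pos >= length:
        raise ValueError("length field disagrees with contents")
    pw_len = packet[pos]
    password = packet[pos + 1:pos + 1 + pw_len]
    if pos + 1 + pw_len != length:
        raise ValueError("length field disagrees with contents")
    return {"identifier": identifier, "peer_id": peer_id, "password": password}


def authenticator_check(packet: bytes, user_db: dict) -> int:
    """Server side: compare the received password with the stored one and
    return the reply code.  compare_digest only avoids a timing side channel;
    it does nothing about the password having crossed the link in the clear."""
    req = parse_authenticate_request(packet)
    stored = user_db.get(req["peer_id"])
    if stored is None or not hmac.compare_digest(stored, req["password"]):
        return PAP_AUTH_NAK
    return PAP_AUTH_ACK


# Constructed sample credentials and packet, not captured traffic.
USER_DB = {b"alice": b"hunter2"}
SAMPLE = build_authenticate_request(7, b"alice", b"hunter2")

if __name__ == "__main__":
    print("on the wire:", SAMPLE.hex())
    print("observer sees:", parse_authenticate_request(SAMPLE))
    print("server replies:", "Ack" if authenticator_check(SAMPLE, USER_DB) == PAP_AUTH_ACK else "Nak")
```

Run it and the hex output shows the username and password as literal bytes; the parser needs no key or secret, which is exactly the position an on-path attacker is in.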

The Importance of Password Authentication Protocol Security

When more than one user shares a resource in an organizational network, each user's identity must be verified before access to their entitlements is granted.

The oldest way to do that is a password: the user proves who they are by presenting a credential only they should know. Passwords have been around for a long time and are still the most common factor, but on their own they are also the weakest. They can be guessed, phished and reused across sites, and with a protocol like PAP they can simply be read off the wire.

Authentication is the prerequisite for authorization. Once an identity has been verified, the IT team can apply least-privilege access so that each user sees only what their role requires. An authentication protocol that can be eavesdropped or replayed undermines that whole chain, because whoever captures the credential inherits every entitlement attached to it.

For example, employees who only need the finance system should have no access to organizational development projects, and that boundary only holds if the finance login cannot be stolen in transit.

There are different types of authentication, each with its own advantages and disadvantages, so when choosing one, companies must weigh several factors, including user experience (UX).

Common Password Authentication Protocols


PAP is only one of several authentication protocols in use, and the ones below are not variants of it but the protocols that replaced it or wrap it. Here is an overview of how each works and where its weak points are:

1. Challenge Handshake Authentication Protocol (CHAP)

The Challenge Handshake Authentication Protocol (CHAP), defined for PPP in RFC 1994, is widely used in computer networking to verify the identity of a peer that wants to join a network, without ever sending the secret itself. The authenticator sends a random challenge, the peer returns a hash of the challenge combined with the shared secret, and the authenticator recomputes the hash and compares. The exchange is one-way (the network verifies the peer); mutual authentication requires running it in both directions.

Because the secret never crosses the link and each challenge is fresh, a captured response cannot simply be replayed. That is the main advantage over PAP, whose plaintext password is exposed to anyone on the path.

CHAP has limits of its own. The response is an unsalted MD5 hash of the identifier, the secret and the challenge, so an eavesdropper who captures one challenge/response pair can run an offline dictionary attack against it, and the authenticator must store each secret in cleartext (or reversibly encrypted) in order to recompute the hash. Strong, non-dictionary secrets therefore matter a great deal. CHAP also only authenticates; the data that follows is not encrypted unless a separate mechanism such as a VPN or TLS provides that, so confidential traffic still needs protecting.
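The exchange above, together with the offline attack from the last paragraph, as an added example (not code from the article or from Fazpass). It implements the MD5 response from RFC 1994 (MD5 over identifier, secret and challenge), a one-way handshake between an authenticator and a peer, and a dictionary attack against the captured challenge/response pair. The peer name, secret and wordlist are constructed.

```python
import hashlib
import hmac
import os

# Code values from RFC 1994 section 4.
CHAP_CHALLENGE, CHAP_RESPONSE, CHAP_SUCCESS, CHAP_FAILURE = 1, 2, 3, 4


def chap_md5_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """RFC 1994 section 2: Response value = MD5(Identifier || secret || Challenge)."""
    return hashlib.md5(bytes([identifier & 0xFF]) + secret + challenge).digest()


class Authenticator:
    """The network side.  Note that it must hold each peer's secret in a form it
    can feed into MD5, i.e. cleartext or reversibly encrypted, not a salted hash."""

    def __init__(self, secrets: dict):
        self.secrets = secrets        # peer name -> shared secret
        self.pending = {}             # identifier -> outstanding challenge value

    def challenge(self, identifier: int) -> bytes:
        value = os.urandom(16)        # fresh and unpredictable for every attempt
        self.pending[identifier] = value
        return value

    def verify(self, identifier: int, name: bytes, response: bytes) -> int:
        challenge = self.pending.pop(identifier, None)   # each challenge is used once
        secret = self.secrets.get(name)
        if challenge is None or secret is None:
            return CHAP_FAILURE
        expected = chap_md5_response(identifier, secret, challenge)
        return CHAP_SUCCESS if hmac.compare_digest(expected, response) else CHAP_FAILURE


class Peer:
    """The user's side: proves knowledge of the secret without transmitting it."""

    def __init__(self, name: bytes, secret: bytes):
        self.name, self.secret = name, secret

    def respond(self, identifier: int, challenge: bytes) -> bytes:
        return chap_md5_response(identifier, self.secret, challenge)


def run_handshake(auth: Authenticator, peer: Peer, identifier: int = 0x2A):
    """Challenge -> Response -> Success/Failure.  Returns what an eavesdropper
    would capture (challenge, response) plus the result code."""
    challenge = auth.challenge(identifier)
    response = peer.respond(identifier, challenge)
    return challenge, response, auth.verify(identifier, peer.name, response)


def offline_dictionary_attack(identifier: int, challenge: bytes, response: bytes, wordlist):
    """What an eavesdropper does with one captured exchange: no further contact
    with the authenticator is needed, and unsalted MD5 is very cheap to compute."""
    for candidate in wordlist:
        if chap_md5_response(identifier, candidate, challenge) == response:
            return candidate
    return None


# Constructed sample data, not a real capture.
WORDLIST = [b"password", b"letmein", b"hunter2", b"qwerty"]

if __name__ == "__main__":
    auth = Authenticator({b"alice": b"hunter2"})
    ch, resp, code = run_handshake(auth, Peer(b"alice", b"hunter2"))
    print("handshake:", "Success" if code == CHAP_SUCCESS else "Failure")
    auth.challenge(0x2A)                                   # a later session, new challenge
    print("replayed response rejected:", auth.verify(0x2A, b"alice", resp) == CHAP_FAILURE)
    print("offline crack:", offline_dictionary_attack(0x2A, ch, resp, WORDLIST))
```

Note what the `Authenticator` stores: the secret itself, because it has to recompute the hash. A replayed response fails because the challenge is different, but a weak secret falls to the dictionary loop after a single captured handshake.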

2. Kerberos

Kerberos is a ticket-based authentication protocol for securely identifying users and services on a network. It is designed to resist eavesdropping and replay attacks, and it lets users reach network resources without ever sending their password over the network.

It relies on a trusted Key Distribution Center (KDC), which combines an Authentication Server (AS) and a Ticket-Granting Server (TGS). When a user or device wants to access a network resource, it first authenticates to the AS.

The AS verifies the identity (the proof is derived from the user's password, which itself stays on the client) and issues a ticket-granting ticket (TGT). The client then presents the TGT to the TGS whenever it needs access to a particular service on the network.

The TGS validates the TGT and issues a service ticket (ST) for the requested resource. The client submits the ST, together with a fresh timestamped authenticator, to the resource server; if the ticket is valid and the authenticator is recent and has not been seen before, access is granted.
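The AS, TGS and service steps above as a simplified, runnable model, added here rather than taken from the article or from any Kerberos implementation. The `seal`/`unseal` helpers are a toy authenticated cipher standing in for the AES encryption types Kerberos really uses, `derive_key` stands in for string-to-key, tickets are JSON rather than ASN.1, and the realm, principals and keys are constructed. What is faithful is the structure: the password never leaves the client, each ticket can be opened only by the party holding its key, and the service keeps a replay cache of authenticators.

```python
import hashlib
import hmac
import json
import os

TICKET_LIFETIME = 300          # seconds; kept short for the example
CLOCK_SKEW = 300               # Kerberos' customary five-minute tolerance
REALM = "EXAMPLE.COM"          # hypothetical realm


def derive_key(password: str, salt: str) -> bytes:
    """Stand-in for Kerberos string-to-key (real etypes use PBKDF2 salted with
    realm + principal); the SHA-256/10k-iteration parameters are an assumption."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt.encode(), 10_000)


def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    blocks = (hmac.new(key, nonce + i.to_bytes(4, "big"), "sha256").digest() for i in range((n + 31) // 32))
    return b"".join(blocks)[:n]


def seal(key: bytes, obj: dict) -> bytes:
    """Toy authenticated encryption (HMAC keystream + HMAC tag).  Not an RFC 3961
    encryption type; it only stands in for the AES Kerberos applies to tickets."""
    pt = json.dumps(obj, sort_keys=True).encode()
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(pt, _keystream(key, nonce, len(pt))))
    return nonce + ct + hmac.new(key, nonce + ct, "sha256").digest()


def unseal(key: bytes, blob: bytes) -> dict:
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(hmac.new(key, nonce + ct, "sha256").digest(), tag):
        raise ValueError("wrong key or tampered ticket")
    return json.loads(bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct)))))


def _check_authenticator(session_key: bytes, authenticator: bytes, ticket: dict, now: float) -> dict:
    a = unseal(session_key, authenticator)        # only a holder of the session key could seal this
    if a["client"] != ticket["client"] or abs(now - a["ts"]) > CLOCK_SKEW:
        raise PermissionError("authenticator does not match the ticket or is stale")
    return a


class KDC:
    """Authentication Server (AS) and Ticket-Granting Server (TGS) in one process."""
    def __init__(self, keys: dict):
        self.keys = keys                  # principal -> long-term key; "krbtgt" is the TGS key

    def as_exchange(self, client: str, now: float):
        """AS-REQ/AS-REP: issue a TGT plus a session key only the client's key can open."""
        sk = os.urandom(32)
        tgt = seal(self.keys["krbtgt"], {"client": client, "sk": sk.hex(), "exp": now + TICKET_LIFETIME})
        return tgt, seal(self.keys[client], {"sk": sk.hex(), "sname": "krbtgt"})

    def tgs_exchange(self, tgt: bytes, authenticator: bytes, service: str, now: float):
        """TGS-REQ/TGS-REP: validate the TGT and issue a service ticket (ST)."""
        t = unseal(self.keys["krbtgt"], tgt)
        if now >= t["exp"]:
            raise PermissionError("TGT expired")
        sk = bytes.fromhex(t["sk"])
        _check_authenticator(sk, authenticator, t, now)
        svc_sk = os.urandom(32)
        st = seal(self.keys[service], {"client": t["client"], "sk": svc_sk.hex(), "exp": now + TICKET_LIFETIME})
        return st, seal(sk, {"sk": svc_sk.hex(), "sname": service})


class Service:
    def __init__(self, name: str, key: bytes):
        self.name, self.key, self.seen = name, key, set()     # seen = replay cache

    def accept(self, st: bytes, authenticator: bytes, now: float) -> str:
        """AP-REQ: a valid ST plus a fresh, never-seen authenticator grants access."""
        t = unseal(self.key, st)
        if now >= t["exp"]:
            raise PermissionError("service ticket expired")
        a = _check_authenticator(bytes.fromhex(t["sk"]), authenticator, t, now)
        if (a["client"], a["ts"], a["nonce"]) in self.seen:
            raise PermissionError("replayed authenticator")
        self.seen.add((a["client"], a["ts"], a["nonce"]))
        return t["client"]


def client_login(kdc: KDC, svc: Service, user: str, password: str, now: float):
    """The whole flow from the client's side; the password is used only locally."""
    key = derive_key(password, REALM + user)
    tgt, enc = kdc.as_exchange(user, now)
    sk = bytes.fromhex(unseal(key, enc)["sk"])                  # a wrong password fails here
    st, enc2 = kdc.tgs_exchange(tgt, seal(sk, {"client": user, "ts": now}), svc.name, now)
    svc_sk = bytes.fromhex(unseal(sk, enc2)["sk"])
    ap_req = seal(svc_sk, {"client": user, "ts": now, "nonce": os.urandom(8).hex()})
    return svc.accept(st, ap_req, now), st, ap_req


# Constructed realm: service and krbtgt keys are random; alice's derives from her password.
FILES = Service("http/files", os.urandom(32))
KEYS = {"krbtgt": os.urandom(32), "alice": derive_key("hunter2", REALM + "alice"), FILES.name: FILES.key}
```

`client_login(KDC(KEYS), FILES, "alice", "hunter2", time.time())` walks the three exchanges; presenting the same `ap_req` a second time is refused by the replay cache, and a wrong password fails at the client when it cannot open the AS reply, with nothing password-derived having been sent.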


3. Lightweight Directory Access Protocol (LDAP)

LDAP is a lightweight, widely supported protocol for querying and updating directory services over a network. The directory functions as the repository of information about users, devices and groups, and is often the backing store for access decisions on network resources. Strictly, LDAP is a directory-access protocol rather than an authentication protocol: applications authenticate users with it by performing a bind against the directory. A simple bind sends the password in cleartext, exactly like PAP, so it must only be used over TLS (LDAPS or StartTLS), or replaced with a SASL mechanism.

The data is organized in a hierarchical tree, with each object represented by a directory entry identified by its distinguished name. Using LDAP, users and applications can read and modify this information with standard operations (bind, search, modify) rather than product-specific commands.

LDAP is frequently used together with Kerberos: Kerberos handles the authentication, and the directory supplies the identity and group data needed for authorization. The combination gives a more comprehensive access-control and authentication solution than either alone.

4. OAuth2

As the name implies, OAuth2 is the Open Authorization 2.0 framework (RFC 6749). It lets a user grant a third-party application limited access to their resources at another service without sharing their password with that application. Strictly, it is an authorization framework rather than an authentication protocol; OpenID Connect builds user authentication on top of it.

It is used to delegate access from web, desktop and mobile applications, and it lets the user scope and revoke that access without changing their password.

In practice the user is redirected to the authorization server's login page, authenticates there with their ID and password (ideally with a second factor as well), and approves the requested scope. The authorization server then redirects back to the app with a short-lived authorization code, which the app exchanges for an access token and uses to call the user's resources. The third-party app never sees the password, and the token it holds can be scoped and revoked independently of it.
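The redirect, login and token exchange described above as a self-contained simulation, added for this edit and not code from the article, from Fazpass, or from any OAuth library. It goes a little beyond the text by including PKCE (RFC 7636) and a `state` check, both of which current guidance requires for public clients. The endpoints, client registration, user database and `introspect` helper are hypothetical.

```python
import base64
import hashlib
import secrets
import time
from urllib.parse import parse_qs, urlencode, urlparse

AUTHZ_ENDPOINT = "https://auth.example.com/authorize"   # hypothetical endpoint


def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def query_of(url: str) -> dict:
    return {k: v[0] for k, v in parse_qs(urlparse(url).query).items()}


class AuthorizationServer:
    """Holds the user's password and issues codes/tokens; the app never sees the password."""

    def __init__(self, users: dict, clients: dict):
        self.users = users          # username -> password (constructed sample)
        self.clients = clients      # client_id -> registered redirect_uri
        self.codes, self.tokens = {}, {}

    def authorize(self, query: dict, username: str, password: str) -> str:
        """The user logs in at OUR page and consents; we redirect back to the
        client with a short-lived, single-use authorization code."""
        client_id = query.get("client_id")
        if query.get("redirect_uri") != self.clients.get(client_id):
            raise ValueError("redirect_uri not registered for this client")
        if query.get("response_type") != "code" or query.get("code_challenge_method") != "S256":
            raise ValueError("only the code flow with PKCE S256 is allowed")
        if self.users.get(username) != password:
            raise PermissionError("bad credentials")
        code = secrets.token_urlsafe(32)
        self.codes[code] = {"client_id": client_id, "user": username, "scope": query.get("scope", ""),
                            "challenge": query["code_challenge"], "redirect_uri": query["redirect_uri"],
                            "exp": time.time() + 60}
        return query["redirect_uri"] + "?" + urlencode({"code": code, "state": query["state"]})

    def token(self, form: dict) -> dict:
        """Token endpoint: the code is consumed on first use and bound to the PKCE verifier."""
        grant = self.codes.pop(form.get("code"), None)
        if grant is None or time.time() > grant["exp"] or form.get("grant_type") != "authorization_code":
            raise PermissionError("invalid or expired code")
        if grant["client_id"] != form.get("client_id") or grant["redirect_uri"] != form.get("redirect_uri"):
            raise PermissionError("code was issued to a different client")
        if b64url(hashlib.sha256(form.get("code_verifier", "").encode()).digest()) != grant["challenge"]:
            raise PermissionError("PKCE verification failed")
        tok = secrets.token_urlsafe(32)
        self.tokens[tok] = {"user": grant["user"], "scope": grant["scope"]}
        return {"access_token": tok, "token_type": "Bearer", "scope": grant["scope"]}

    def introspect(self, access_token: str):
        return self.tokens.get(access_token)


class ThirdPartyApp:
    def __init__(self, client_id: str, redirect_uri: str):
        self.client_id, self.redirect_uri = client_id, redirect_uri
        self.verifier = self.state = None

    def start(self, scope: str) -> str:
        """Build the authorization URL the user's browser is sent to (with RFC 7636 PKCE)."""
        self.verifier = b64url(secrets.token_bytes(32))
        self.state = secrets.token_urlsafe(16)       # ties the callback to this browser session
        challenge = b64url(hashlib.sha256(self.verifier.encode()).digest())
        return AUTHZ_ENDPOINT + "?" + urlencode({
            "response_type": "code", "client_id": self.client_id, "redirect_uri": self.redirect_uri,
            "scope": scope, "state": self.state, "code_challenge": challenge, "code_challenge_method": "S256"})

    def callback(self, redirect_url: str, server: AuthorizationServer) -> dict:
        """Handle the redirect back: check state, then exchange the code for a token."""
        q = query_of(redirect_url)
        if not secrets.compare_digest(q.get("state", ""), self.state):
            raise PermissionError("state mismatch: possible CSRF or mixed-up callback")
        return server.token({"grant_type": "authorization_code", "code": q["code"], "client_id": self.client_id,
                             "redirect_uri": self.redirect_uri, "code_verifier": self.verifier})


def run_flow(server: AuthorizationServer, app: ThirdPartyApp, username: str, password: str, scope="files:read"):
    """End to end, standing in for the browser: the password goes only to the server."""
    q = query_of(app.start(scope))
    redirect = server.authorize(q, username, password)
    return app.callback(redirect, server)


# Constructed sample registrations, not real accounts.
SERVER = AuthorizationServer({"alice": "hunter2"}, {"photo-printer": "https://app.example.net/cb"})
APP = ThirdPartyApp("photo-printer", "https://app.example.net/cb")
```

`run_flow` plays the browser: `server.authorize` is the only place the password is entered, and the app ends up with a scoped bearer token instead. The token endpoint consumes the code on first use and rejects it without the matching `code_verifier`, so a code leaked from the redirect URL is worthless on its own.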


5. Security Assertion Markup Language (SAML)

SAML is an XML-based standard for securely exchanging authentication and authorization data between organizations, typically between an identity provider and a service provider. It is widely used to enable single sign-on (SSO) and to provide secure access to web-based resources.

The user authenticates with the identity provider (IdP), the system that verifies the user's identity and issues a digitally signed assertion describing who the user is and, optionally, their attributes.

The assertion is delivered, usually through the user's browser, to the service provider (SP). The SP validates the signature, the intended audience and the validity window, and then grants the user access to its resources without asking them to authenticate again.


6. Remote Authentication Dial-In User Service (RADIUS)

RADIUS stands for Remote Authentication Dial-In User Service, a network protocol (RFC 2865) for authenticating, authorizing and accounting for users who connect to a network. It was designed for dial-up, but today it mostly sits behind VPN gateways, enterprise wireless (802.1X/WPA-Enterprise) and switch-port access control.

The device the user connects to (the network access server, or NAS) forwards the credentials to a RADIUS server in an Access-Request. The server checks them against its user store and replies with Access-Accept, Access-Reject, or Access-Challenge when it needs more from the user.

With a simple username and password, the NAS usually carries the credentials as PAP or CHAP inside RADIUS. The User-Password attribute is obfuscated with MD5 and a shared secret, not encrypted, so anyone holding or guessing the secret can recover the password from a capture; RADIUS over plain UDP should itself be protected with IPsec or RadSec (RADIUS over TLS). An Access-Accept can carry attributes such as Framed-IP-Address and Framed-IP-Netmask, which the NAS uses to assign the user their IP address and subnet mask.
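The request/reply above as an added example (not code from the article or from Fazpass, and not a full RADIUS implementation): it builds an Access-Request carrying a PAP username and password, applies the RFC 2865 section 5.2 User-Password hiding, has the server answer with an Access-Accept carrying Framed-IP-Address and Framed-IP-Netmask, and verifies the Response Authenticator on the way back. The shared secret, user database and addresses are constructed.

```python
import hashlib
import hmac
import os
import struct

ACCESS_REQUEST, ACCESS_ACCEPT, ACCESS_REJECT = 1, 2, 3                         # RFC 2865 section 3
USER_NAME, USER_PASSWORD, FRAMED_IP_ADDRESS, FRAMED_IP_NETMASK = 1, 2, 8, 9   # attribute types


def hide_password(password: bytes, secret: bytes, request_auth: bytes) -> bytes:
    """RFC 2865 section 5.2: pad to 16-byte blocks, XOR each block with
    MD5(secret + previous cipher block), seeded with the Request Authenticator."""
    if not 0 < len(password) <= 128:
        raise ValueError("User-Password must be 1..128 bytes")
    padded = password + b"\x00" * (-len(password) % 16)
    out, prev = b"", request_auth
    for i in range(0, len(padded), 16):
        block = bytes(p ^ b for p, b in zip(padded[i:i + 16], hashlib.md5(secret + prev).digest()))
        out, prev = out + block, block
    return out


def reveal_password(hidden: bytes, secret: bytes, request_auth: bytes) -> bytes:
    """The inverse.  Anyone with the shared secret (or who has guessed it from a
    captured packet) gets the password back: this is obfuscation, not encryption."""
    out, prev = b"", request_auth
    for i in range(0, len(hidden), 16):
        out += bytes(c ^ b for c, b in zip(hidden[i:i + 16], hashlib.md5(secret + prev).digest()))
        prev = hidden[i:i + 16]
    return out.rstrip(b"\x00")


def attr(atype: int, value: bytes) -> bytes:
    """Type(1) Length(1) Value; Length covers the whole attribute."""
    return bytes([atype, 2 + len(value)]) + value


def parse_attrs(data: bytes) -> dict:
    attrs, pos = {}, 0
    while pos < len(data):
        if pos + 2 > len(data):
            raise ValueError("malformed attribute")
        atype, alen = data[pos], data[pos + 1]
        if alen < 2 or pos + alen > len(data):
            raise ValueError("malformed attribute")
        attrs[atype] = data[pos + 2:pos + alen]
        pos += alen
    return attrs


def packet(code: int, ident: int, authenticator: bytes, attrs: bytes) -> bytes:
    """Code(1) Identifier(1) Length(2) Authenticator(16) Attributes."""
    return struct.pack("!BBH", code, ident, 20 + len(attrs)) + authenticator + attrs


def access_request(ident: int, username: bytes, password: bytes, secret: bytes) -> bytes:
    """NAS side: carry a PAP username/password to the RADIUS server."""
    request_auth = os.urandom(16)
    return packet(ACCESS_REQUEST, ident, request_auth,
                  attr(USER_NAME, username) + attr(USER_PASSWORD, hide_password(password, secret, request_auth)))


def server_handle(request: bytes, secret: bytes, user_db: dict) -> bytes:
    """Server side: check the credentials, reply Accept (with address attributes) or Reject.
    Response Authenticator = MD5(Code+ID+Length+RequestAuth+Attributes+Secret), which lets
    the NAS confirm the reply came from a holder of the shared secret."""
    req_code, ident, length = struct.unpack("!BBH", request[:4])
    if req_code != ACCESS_REQUEST or length < 20 or length > len(request):
        raise ValueError("not an Access-Request")
    request_auth, attrs = request[4:20], parse_attrs(request[20:length])
    stored = user_db.get(attrs.get(USER_NAME))
    given = reveal_password(attrs.get(USER_PASSWORD, b""), secret, request_auth)
    if stored is not None and hmac.compare_digest(stored, given):
        code = ACCESS_ACCEPT
        reply_attrs = attr(FRAMED_IP_ADDRESS, bytes([10, 0, 0, 5])) + attr(FRAMED_IP_NETMASK, bytes([255, 255, 255, 0]))
    else:
        code, reply_attrs = ACCESS_REJECT, b""
    header = struct.pack("!BBH", code, ident, 20 + len(reply_attrs))
    response_auth = hashlib.md5(header + request_auth + reply_attrs + secret).digest()
    return header + response_auth + reply_attrs


def client_verify_reply(reply: bytes, request: bytes, secret: bytes) -> bool:
    """NAS side: recompute the Response Authenticator before trusting the reply."""
    expected = hashlib.md5(reply[:4] + request[4:20] + reply[20:] + secret).digest()
    return reply[1] == request[1] and hmac.compare_digest(expected, reply[4:20])


# Constructed values, not a real deployment.
SHARED_SECRET = b"not-a-real-secret"
USER_DB = {b"alice": b"hunter2"}
```

`reveal_password` is the point: the hiding is reversible by anyone holding the shared secret, and a captured request/reply pair lets an attacker test candidate secrets offline against the Response Authenticator, which is why RADIUS over bare UDP belongs inside IPsec or RadSec (RADIUS over TLS, RFC 6614).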

Taken together, these protocols show why organizations should move beyond PAP-style authentication. In today's digital age, the security of personal information and online accounts matters more than ever, yet many people still rely on weak or reused passwords despite the risks that come with them.

Weak and reused passwords are among the main reasons accounts are taken over and sensitive information is stolen. Better authentication means strong, unique passwords as the baseline, plus a second factor (one-time codes, hardware keys, biometrics) and protocols that never expose the password itself, so that a guessed or captured password alone is not enough to get in.

Changing authentication methods may seem like a hassle, but the long-term benefits are worth it: avoiding stolen information, identity theft and the clean-up after a breach. Many companies and services now require stronger authentication, so it pays to stay ahead of that curve and keep users and organizations protected.

In short, it is time to retire plaintext password protocols and the habits that go with them. By taking the necessary steps to improve authentication, we protect personal information and prevent unauthorized access to online accounts.

Don't let weak passwords compromise your security. Find out why it's time for a change in our comprehensive guide to better authentication.
