===Methods of verifying a password over a network===

====Simple transmission of the password====
Passwords are vulnerable to interception (i.e., "snooping") while being transmitted to the authenticating machine or person. If the password is carried as electrical signals on unsecured physical wiring between the user access point and the central system controlling the password database, it is subject to snooping by [[Telephone tapping|wiretapping]] methods. If it is carried as packeted data over the Internet, anyone able to watch the [[Network packet|packets]] containing the logon information can snoop with a low probability of detection.

Email is sometimes used to distribute passwords, but this is generally an insecure method. Since most email is sent as [[plaintext]], a message containing a password is readable without effort during transport by any eavesdropper. Further, the message will be stored as [[plaintext]] on at least two computers: the sender's and the recipient's. If it passes through intermediate systems during its travels, it will probably be stored there as well, at least for some time, and may be copied to [[backup]], [[cache (computing)|cache]] or history files on any of these systems. Using client-side encryption will only protect transmission from the mail handling system server to the client machine. Previous or subsequent relays of the email will not be protected, and the email will probably be stored on multiple computers, certainly on the originating and receiving computers, most often in clear text.

====Transmission through encrypted channels====
{{See also|Cryptography}}
The risk of interception of passwords sent over the Internet can be reduced by, among other approaches, using [[cryptography|cryptographic]] protection. The most widely used is the [[Transport Layer Security]] (TLS, previously called [[Secure Sockets Layer|SSL]]) feature built into most current Internet [[Web browser|browsers]]. Most browsers signal a TLS/SSL-protected exchange with a server by displaying a closed lock icon or a similar indicator while TLS is in use. There are several other techniques in use.

====Hash-based challenge–response methods====
There is a conflict between stored hashed passwords and hash-based [[challenge–response authentication]]: the latter requires a client to prove to a server that it knows the [[shared secret]] (i.e., the password), and to check this, the server must be able to obtain the shared secret from its stored form. On a number of systems (including [[Unix]]-type systems) doing remote authentication, the shared secret therefore becomes the hashed form itself, which has the serious limitation of exposing passwords to offline guessing attacks. In addition, when the hash is used as the shared secret, an attacker does not need the original password to authenticate remotely; they only need the hash.

====Zero-knowledge password proofs====
Rather than transmitting a password, or transmitting the hash of the password, [[password-authenticated key agreement]] systems can perform a [[zero-knowledge password proof]], which proves knowledge of the password without exposing it. Moving a step further, augmented systems for [[password-authenticated key agreement]] (e.g., [[Authentication and key agreement via Memorable Passwords|AMP]], [[SPEKE|B-SPEKE]], [[PAK-Z]], [[Secure remote password protocol|SRP-6]]) avoid both the conflict and the limitation of hash-based methods. An augmented system allows a client to prove knowledge of the password to a server, where the server knows only a (not exactly) hashed password, and where the un-hashed password is required to gain access.
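The conflict described under hash-based challenge–response, shown as an added example (not part of this article or of any real protocol): the server stores only a hash of the password and uses it as the shared secret, so the stored hash alone is enough to answer a challenge. The hash function, the HMAC-based response and the sample password are constructed for illustration.

```python
import hashlib
import hmac
import secrets

# Constructed scheme: server keeps H(password) as its verifier and the
# challenge-response is HMAC keyed with that verifier.


def store_verifier(password: str) -> bytes:
    """Server-side enrolment: only the hash of the password is stored."""
    return hashlib.sha256(password.encode()).digest()


def make_challenge() -> bytes:
    """Server picks a fresh random nonce for each authentication attempt."""
    return secrets.token_bytes(16)


def respond_with_password(password: str, challenge: bytes) -> bytes:
    """Client derives the shared secret from the password, then answers."""
    secret = hashlib.sha256(password.encode()).digest()
    return hmac.new(secret, challenge, hashlib.sha256).digest()


def respond_with_verifier(verifier: bytes, challenge: bytes) -> bytes:
    """The same answer computed from the stored verifier alone, without
    the password: this is why the hash is 'password-equivalent'."""
    return hmac.new(verifier, challenge, hashlib.sha256).digest()


def server_verify(verifier: bytes, challenge: bytes, response: bytes) -> bool:
    """Server recomputes the expected response from its stored verifier."""
    expected = hmac.new(verifier, challenge, hashlib.sha256).digest()
    return hmac.compare_digest(expected, response)


def demo(password: str = "correct horse") -> dict:
    """Run one authentication round and report which responses the server accepts."""
    verifier = store_verifier(password)
    challenge = make_challenge()
    return {
        "password_accepted": server_verify(
            verifier, challenge, respond_with_password(password, challenge)),
        # Accepted too: knowledge of the stored hash suffices.
        "verifier_alone_accepted": server_verify(
            verifier, challenge, respond_with_verifier(verifier, challenge)),
        "wrong_password_accepted": server_verify(
            verifier, challenge, respond_with_password("wrong", challenge)),
    }
```

The `verifier_alone_accepted` result is the property augmented PAKE systems such as SRP-6 are designed to remove: there, the stored verifier by itself does not let its holder log in.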