Password authentication is one of the simplest and the most convenient authentication mechanisms to deal with secret data over insecure networks. It is more fre- quently required in areas such as computer networks, wireless networks, remote login systems, operation sys- tems, and database management systems. In this paper, we shall present the result of our survey through all cur- rently available password-authentication-related schemes and get them classified in terms of several crucial criteria. To be critical, most of the existing schemes are vulnera- ble to various attacks and fail to serve all the purposes an ideal password authentication scheme should. In order to see how different password authentication schemes com- pare in different situations, we define all possible attacks and goals that an ideal password authentication scheme should withstand and achieve. We should hope that the attacks and goals we offer here can also help future re- searchers develop better schemes.
International Journal of Network Security 3(2):101–115