passbased

Passbased is a term used to describe authentication methods that rely primarily on passwords as the user’s secret. In security discussions, passbased authentication involves a user providing a password, which is then verified by calculating a hash of the password with a stored salt and comparing it to a stored hash. Robust implementations use password hashing algorithms such as PBKDF2, bcrypt, scrypt, or Argon2 to make brute-force attacks more difficult. The use of salts prevents the reuse of hash values across users and protects against precomputed attacks.

In typical passbased systems, the server stores salted password hashes rather than plain-text passwords. During login,

Limitations of passbased authentication include vulnerability to phishing, credential stuffing, and password reuse across sites. Human

See also: password-based authentication, password hashing, multi-factor authentication, password policies, WebAuthn.