Authentication Protocols

This post features computer network authentication protocols.

Do not confuse authentication protocols with the Authentication, Authorization and Accountability (AAA) protocols like RADIUS or TACACS+. Authentication protocols work in OSI layers 2 and 3, and AAA protocols in layer 7. You can read more about the AAA protocols on this post.

List of Authentication Protocols

Authentication protocols featured on this post:

  • PAP
  • CHAP
    • MS-CHAPv2
  • EAP

PAP

Password Authentication Protocol (PAP) transmits usernames and passwords in plaintext. It offers no form of encryption; it simply provides a means to transport the logon credentials from the client to the authentication server.

CHAP

Deprecated

Challenge Handshake Authentication Protocol (CHAP) uses a challenge-response dialogue that cannot be replayed, and performs periodic re-authentication.

It encrypts both the username and password.

CHAP is considered unsafe as it uses the vulnerable algorithm MD5.

MS-CHAPv2

MS-CHAPv2 is a custom update of the protocol by American company Microsoft, and its use is preferred over the original CHAP.

EAP

IEEE 802.1X is based on EAP.

You can read more about EAP on this post.

Authentication Data Standards

The authentication data standard featured on this post is:

  • SAML

SAML

Security Access Markup Language (SAML) is both a protocol and a data standard for authentication, primarily used as a web-based protocol. You can read more about it and web-based IAM protocols on this post.

External References

  • Chapman et al; “CISSP Official Study Guide 9th Edition”, 583-585; Wiley, 2021
