LOGBOOK

HELP

Quiz Entry - updated: 2026.07.14

What are the main weaknesses of plain "username + password" authentication, and what mitigations help?

It's a shared secret — both you and the server know it — so it can be phished, guessed, or stolen in a server breach; mitigations include hashing, rate-limiting, and not reusing it.

How it works: the app stores a username→password table and checks for a match. The problems:

Weakness Mitigation
Server stores passwords → breach leaks them Store hashed (ideally salted) passwords, never plaintext
Brute-force / guessing Rate limiting on the login interface
Phishing — user tricked into typing it on a fake site user awareness; doesn't fully solve it
Password reuse across sites password manager, unique passwords

The fundamental flaw: it's a shared secret. Two copies exist (user + server), so there are two places to steal it from, and the user can be tricked into revealing it. Even hashing the password before sending only narrows, not closes, the gap.

Tip: Every password weakness traces back to "two parties know the same secret." That's the flaw passkeys eliminate.

From Quiz: ISF / Integrity & Content Authenticity (C2PA) | Updated: Jul 14, 2026