Passwords are still the primary method of authentication today, as a form of “something you know”. Humans are lazy, which often results in low-entropy and reused passwords.
A great deal of research and thought has gone into protecting passwords. Passwords are known as the simplest form of a challenge–response authentication scheme.
Because the challenge “What is your password?” is repeated, so is the response, opening the door to possible replay attacks.
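
As an added example (not from the original article), the sketch below contrasts a static password check with an HMAC-based challenge–response that uses a fresh, single-use nonce, and resubmits a recorded response to each. The class names, function names and the sample secret are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

SHARED_SECRET = b"correct horse battery staple"  # constructed sample secret


class StaticPasswordServer:
    """The challenge never changes, so the valid response never changes."""

    def verify(self, response: bytes) -> bool:
        return hmac.compare_digest(response, SHARED_SECRET)


class NonceChallengeServer:
    """Issues a fresh random challenge per attempt and accepts each one once."""

    def __init__(self) -> None:
        self._outstanding: set[bytes] = set()

    def issue_challenge(self) -> bytes:
        nonce = secrets.token_bytes(16)
        self._outstanding.add(nonce)
        return nonce

    def verify(self, nonce: bytes, response: bytes) -> bool:
        if nonce not in self._outstanding:
            return False  # unknown or already-used challenge
        self._outstanding.discard(nonce)  # single use, even if the check fails
        expected = hmac.new(SHARED_SECRET, nonce, hashlib.sha256).digest()
        return hmac.compare_digest(response, expected)


def client_response(nonce: bytes) -> bytes:
    """Client proves knowledge of the secret without sending it."""
    return hmac.new(SHARED_SECRET, nonce, hashlib.sha256).digest()


def replay_outcomes() -> dict[str, bool]:
    """Perform one legitimate login per scheme, then resubmit the recorded response."""
    static = StaticPasswordServer()
    recorded_static = SHARED_SECRET  # the password itself crosses the wire
    out = {"static_first": static.verify(recorded_static),
           "static_replay": static.verify(recorded_static)}
    server = NonceChallengeServer()
    n1 = server.issue_challenge()
    recorded = client_response(n1)
    out["nonce_first"] = server.verify(n1, recorded)
    out["nonce_replay_same_challenge"] = server.verify(n1, recorded)
    out["nonce_replay_new_challenge"] = server.verify(server.issue_challenge(), recorded)
    return out
```

The server in this sketch holds the secret itself so that it can compute the HMAC; it demonstrates only the replay property, not how passwords should be stored.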