Password-Authenticated Key Exchange
PAKE protocols let two parties who share only a low-entropy password establish a strong cryptographic session key, while ensuring that an attacker who intercepts the exchange cannot mount an offline guessing attack. Each active guess costs the attacker a full protocol run, so weak passwords gain far more protection than with naive password transmission. The IETF documents requirements for PAKE schemes in RFC 8125, and the CFRG has since recommended CPace and OPAQUE as modern choices.