Password-Based Cryptography

Password-based authentication is arguably the most widely deployed means of authentication in real-life applications. The reasons for its wide use are easy to understand: it is mainly its user-friendliness that makes it an attractive choice. Users need only remember a password of their choice and store no other complicated data such as long random keys or certificates.

Yet, solutions based on passwords have several security drawbacks. First of all, users tend to choose simple, memorizable passwords. This gives a potential attacker a non-negligible probability of guessing the password and impersonating the user. The most trivial form of this attack (repeatedly trying to log in until the right password is guessed) can easily be prevented by careful implementation measures (such as disabling an account after a given number of unsuccessful login attempts).

A more dangerous attack is the so-called off-line dictionary attack, in which the authentication protocol reveals enough information to allow efficient verification of password guesses. In this case the attacker can simply search the password dictionary without ever interacting with the server until the correct password is found. Thus a major research focus for password-based authentication has been to design protocols that are secure against off-line dictionary attacks.
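The two attacks described above, as an added example that is not part of the original page or of the group's protocols: a toy hash-based challenge-response (an assumed weak design) with an account lockout, showing that the lockout stops on-line guessing after a few attempts while a single eavesdropped transcript lets every guess be verified with zero contact with the server. The dictionary, the threshold and all function and class names are constructed for this demo.

```python
import hashlib
import hmac
import os

# Constructed toy dictionary and lockout threshold (assumptions for this demo).
DICTIONARY = ["123456", "letmein", "hunter2", "correct horse"]
MAX_ATTEMPTS = 3

def response(password: str, nonce: bytes) -> bytes:
    """Toy challenge-response H(nonce || password): the weak design the text warns about, not a PAKE."""
    return hashlib.sha256(nonce + password.encode()).digest()

def eavesdropped_transcript(password: str) -> tuple:
    """One protocol run exactly as a passive observer on the wire sees it."""
    nonce = os.urandom(16)
    return nonce, response(password, nonce)

class Server:
    """Verifier that disables the account after MAX_ATTEMPTS failed logins."""
    def __init__(self, password: str):
        self.password, self.failures, self.locked = password, 0, False

    def login(self, nonce: bytes, resp: bytes) -> bool:
        if self.locked:
            return False
        ok = hmac.compare_digest(response(self.password, nonce), resp)
        if not ok:
            self.failures += 1
            self.locked = self.failures >= MAX_ATTEMPTS
        return ok

def online_guessing(server: Server, dictionary) -> tuple:
    """Trivial on-line attack: send guesses to the live server; returns (found, guesses_sent)."""
    sent = 0
    for guess in dictionary:
        if server.locked:
            break
        nonce = os.urandom(16)
        sent += 1
        if server.login(nonce, response(guess, nonce)):
            return guess, sent
    return None, sent

def offline_verification(nonce: bytes, resp: bytes, dictionary) -> tuple:
    """Off-line dictionary attack: a single captured (nonce, resp) lets every
    guess be checked locally, so the lockout never fires. Returns (found, 0)."""
    for guess in dictionary:
        if hmac.compare_digest(response(guess, nonce), resp):
            return guess, 0
    return None, 0
```

The on-line guesser is stopped after MAX_ATTEMPTS failures, but the same dictionary succeeds off-line against one captured transcript, which is why the mitigation in the first paragraph does not address the second attack.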

Group members have been very active in this arena with various proposals for password-based key agreement and the design and analysis of new frameworks.



R. Gennaro. Faster and Shorter Password-Authenticated Key Exchange. To appear in TCC 2008.

R. Canetti, S. Halevi, J. Katz, Y. Lindell and P. D. MacKenzie. Universally Composable Password-Based Key Exchange. Extended version of the paper that appeared at EUROCRYPT 2005, Springer LNCS 3494, pp. 404-421.

M. Di Raimondo and R. Gennaro. Provably Secure Threshold Password-Authenticated Key Exchange. J. of Computer and System Sciences 72(6): 978-1001 (2006). Preliminary version in EUROCRYPT 2003: 507-523.

R. Gennaro and Y. Lindell. A Framework for Password-Based Authenticated Key Exchange. ACM Transactions on Information and System Security 9(2): 181-234 (2006). Preliminary version in EUROCRYPT 2003: 524-543.

S. Halevi and H. Krawczyk. Public-Key Cryptography and Password Protocols. ACM Transactions on Information and System Security, vol. 2, August 1999. Preliminary version in the proceedings of the Fifth ACM Conference on Computer and Communications Security, 1998.