In computer security, challenge–response authentication is a family of protocols in which one party presents a question ("challenge") and another party must provide a valid answer ("response") to be authenticated.

The simplest example of a challenge–response protocol is password authentication, where the challenge is asking for the password and the valid response is the correct password.

Clearly an adversary who can eavesdrop on a password authentication can then authenticate itself in the same way. One solution is to issue multiple passwords, each of them marked with an identifier. The verifier can ask for any of the passwords, and the prover must have that correct password for that identifier. Assuming that the passwords are chosen independently, an adversary who intercepts one challenge–response message pair has no clues to help with a different challenge at a different time.

通常用於安全級別較高的找回密碼等功能。比如qq、微信等，需要提供多重驗證。

基於會話的安全認證機制：

A 老姑，我要和你借20元錢；

B 你是？

A 我是XX的兒子；

B 你的伯父叫什麽？姑姑叫什麽？你爸兄妹幾個？

A 嗶哩嗶哩.....

B 你爺爺叫什麽？

A bilibili

B 50元夠不夠？

A 夠了；謝謝！

Challenge–response authentication