In PPP, PAP provides a simple method for a remote node to establish its identity, using a two-way handshake. The remote node repeatedly sends a username/password pair across the link until authentication is acknowledged or the connection is terminated.

Weaknesses: Passwords are sent across the link in clear text, and there is no protection from playback or repeated brute-force attacks. The remote node is in control of the frequency and timing of the login attempts.