Abstract: Passwords are the most widely deployed means of human-computer authentication since the early 1960s. The use of passwords, which are usually low in entropy, is delicate in cryptography because of the possibility of launching an offline dictionary attack. It is ever challenging to design a password-based cryptosystem that is secure against this attack. Password-based cryptosystems broadly cover two areas 1) Password-based authentication, e.g., password hashing schemes and 2) Password-based encryption specifically used in password-based authenticated key exchange (PAKE) protocols. This thesis is devoted to the secure design of password hashing algorithm and the analysis of existing password-based authentication systems. The frequent reporting of password database leakage in real-world highlights the vulnerabilities existing in the current password based constructions. In order to alleviate these problems and to encourage strong password protection techniques, a Password Hashing Competition (PHC) was held from 2013 to 2015. Following the announced criteria, we propose a password hashing scheme Rig that fulfills all the required goals. We also present a cryptanalytic technique for password hashing. Further, we focus on the improvement of a password database breach detection technique and on the analysis of Universal 2nd Factor protocol. This report tries to list and summarize all the important results published in the field of password hashing in recent years and understand the extent of research over password-based authentication schemes. Our significant results are listed below. 1. Following the design requirements for a secure password hashing scheme as mentioned at the PHC , we present our design Rig which satisfies all required criteria. It is a memory hard and best performing algorithm under cache-timing attack resistant category. As part of the results, we present the construction explaining the design rationale and the proof of its collision resistance. We also provide the performance and security analysis. 2. In practice, most cryptographic designs are implemented inside a Cryptographic module, as suggested by National Institute of Standards and Technology (NIST) in a standard, FIPS 140. A cryptographic module has a limited memory and this makes it challenging to implement a password hashing scheme (PHS) inside it. We provide a cryptographic module based approach for password hashing. It helps to enhance the security of the existing password-based authentication framework. We also discuss the feasibility of the approach considering the submissions of PHC. 3. The increasing threat of password leakage from compromised password hashes demands a resource consuming algorithm to prevent the precomputation of the password hashes. A class of password hashing designs which ensure that any reduction in the memory leads to exponential increase in their runtime are called Memory hard designs. Time Memory Tradeoff (TMTO) technique is an effective cryptanalytic approach for such password hashing schemes (PHS). However, it is generally difficult to evaluate the “memory hardness” of a given PHS design. We present a simple technique to analyze TMTO for any password hashing schemes which can be represented as a directed acyclic graph.