PAP is a simple password authentication protocol defined in RFC 1334 that is used to authenticate a user to a network access server used for example by internet service providers. PAP is used by Point to Point Protocol to validate users before allowing them access to server resources. Almost all network operating system remote servers support PAP.

PAP transmits unencrypted ASCII passwords over the network and is therefore considered insecure. It is used as a last resort when the remote server does not support a stronger authentication protocol, like Challenge-Handshake Authentication Protocol (CHAP) or Extensible Authentication Protocol (EAP) (while the last is actually a framework).