# authenticate(password:) Perform the `AUTHENTICATE` handshake (control-spec.txt §3.5). ``` func authenticate(password: String? = nil) async throws ``` ## Parameters `password` Optional cleartext password, used only for method (2). Ignored when cookie auth succeeds. ## Discussion Tries up to three authentication methods, in order: 1. **Cookie** — if `dataDirectory` was provided and `/control_auth_cookie` exists, the 32-byte cookie is hex-encoded and sent as `AUTHENTICATE `. 1. **Password** — if a `password` argument is supplied, sent as `AUTHENTICATE ""`. Requires Tor to be configured with matching `HashedControlPassword`. 1. **Null** — as a last resort, sends bare `AUTHENTICATE`. Works on sockets configured for no-auth (rare; also used by some test harnesses). A no-op when [`isAuthenticated`](/documentation/Tor/TorControlClient/isAuthenticated) is already `true`. > Throws: ``doc://Tor/documentation/Tor/TorError/controlAuthFailed(_:)`` if every method > exhausted returns a non-success reply (Tor reply `515`). > Important: For embedded-mode control sockets constructed via > ``doc://Tor/documentation/Tor/TorControlClient/init(fileDescriptor:preAuthenticated:dataDirectory:)`` with > `preAuthenticated: true`, this method is a no-op and never > sends `AUTHENTICATE` on the wire.