GoVPN uses strong password authentication. That means that it uses human memorable passphrases, instead of some small high-entropy keys that must be carried with himself. Passphrases differ from passwords: they are long string of low-entropy characters – they are easy to remember and can have high overall entropy.
Strong zero-knowledge authentication means that:
Passphrases are entered directly by the human on the client side. Server side stores pre-shared verifier, containing dictionary attack resistant passphrase derivative. Attacker can not use it to act as a client.