The digest access authentication method used in the voice over IP signaling protocol, SIP, is weak. This authentication method is the only method with mandatory support and widespread adoption in the industry. At the same time, this authentication method is vulnerable to a serious real-world attack. This poses a threat to VoIP industry installations and solutions. In this paper, the authors propose a solution that counters attacks on this wide-spread authentication method. They also propose a two-step migration towards a stronger authentication in SIP. They add support for a password authenticated key exchange algorithm that can function as a drop-in replacement for the widely adopted digest access authentication mechanism.