Wireless

EAP Transport Layer Security (EAP-TLS) is one of the most secure authentication methods, as it uses certificates on both the server side and the client side instead of logins and passwords, so the client and server mutually authenticate each other.

EAP Tunneled Transport Layer Security (EAP-TTLS), as the name suggests, also uses TLS. As opposed to EAP-TLS, it does not necessarily need client certificates. It creates a tunnel and then exchanges the credentials using one of a few possible inner methods (also called phase 2), such as Challenge-Handshake Authentication Protocol (CHAP), Password Authentication Protocol (PAP), Microsoft CHAP (MS-CHAP), or MS-CHAPv2.

Similarly to EAP-TTLS, Protected Extensible Authentication Protocol (PEAP) also creates a TLS tunnel before credentials are exchanged. Although different methods can be used within PEAP, MS-CHAPv2 is a commonly used inner method.

PEAP and EAP-TLS mostly differ in how data is exchanged inside the TLS tunnel.
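
When auditing a wireless network, the EAP method on offer can be read from the Type field of the EAP packets the authenticator sends. The parser below is an added example, not part of the original page; the type numbers come from the IANA EAP registry rather than from this page, and the sample packets are constructed.

```python
import struct

CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
# EAP type numbers from the IANA EAP registry: (name, TLS-based, credentials)
METHODS = {
    1: ("Identity", False, "none (identity exchange only)"),
    13: ("EAP-TLS", True, "client certificate"),
    21: ("EAP-TTLS", True, "phase 2 inner method, e.g. PAP, CHAP, MS-CHAP, MS-CHAPv2"),
    25: ("PEAP", True, "phase 2 inner method, commonly MS-CHAPv2"),
}
FLAG_START = 0x20  # "S" bit in the flags octet shared by EAP-TLS, EAP-TTLS and PEAP


def parse_eap(pkt: bytes) -> dict:
    """Decode one EAP packet (RFC 3748 header) and name the method it carries."""
    if len(pkt) < 4:
        raise ValueError("shorter than the 4-byte EAP header")
    code, ident, length = struct.unpack("!BBH", pkt[:4])
    if length < 4 or length > len(pkt):
        raise ValueError("length field does not match the captured bytes")
    out = {"code": CODES.get(code, f"unknown({code})"), "id": ident,
           "method": None, "credentials": None, "tls_start": False}
    if code not in (1, 2):  # Success and Failure carry no Type field
        return out
    if length < 5:
        raise ValueError("Request/Response without a Type field")
    eap_type = pkt[4]
    name, tls_based, creds = METHODS.get(
        eap_type, (f"type {eap_type}", False, "unknown"))
    out.update(method=name, credentials=creds)
    if tls_based and length >= 6:  # flags octet follows the Type field
        out["tls_start"] = bool(pkt[5] & FLAG_START)
    return out


# Constructed sample packets (not captured from a real network).
SAMPLES = {
    "identity response": bytes.fromhex("0201000901") + b"user",
    "PEAP start": bytes.fromhex("010200061920"),
    "EAP-TLS start": bytes.fromhex("010300060d20"),
    "EAP-TTLS start": bytes.fromhex("010400061520"),
    "success": bytes.fromhex("03050004"),
}

if __name__ == "__main__":
    for label, raw in SAMPLES.items():
        print(label, "->", parse_eap(raw))
```
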
