I'm deploying WPA Enterprise for the first time (for home use). Can someone please provide me with a bit of insight on the different WPA Enterprise authentication mechanisms?
Which one of them is most secure? Which one is most compatible (WinXP, Win7, Win8, Win8.1, Win10, Linux, MacOS)? Which one is recommended to use? I'm looking for something that can also authenticate the access point itself to thwart evil twin access points (don't mind if it's certificate-based).
- LEAP - No native Win support. Vulnerable, don't use!
- FAST GTC/MSCHAPv2 - Replacement for LEAP.
- EAP-MD5 - Provides minimal security
- EAP-TLS cert/pw - Supposedly well supported
- EAP-TTLS cert/pw, PAP/CHAP/MSCHAPv2 - How does this compare to TLS in terms of security?
- PEAP cert/pw, MD5/GTC/MSCHAPv2 - ???
Thanks in advance!
EDIT: Some resources I found so far...
https://en.wikipedia.org/wiki/Extens...ation_Protocol
https://serverfault.com/questions/34...nstead-of-peap
EDIT 2: Well, by the looks of it, it's either EAP-TTLS or PEAP. Personally I'm looking at EAP-TTLS-PAP because eduroam also uses it, but PEAP has better support in Windows.