What Makes EAP-TTLS/PAP Insecure?

EAP-TTLS/PAP is the most insecure 802.1x Authentication Protocol because credentials are sent over the air in plaintext. This means that every time someone connects to your organization’s Wi-Fi, they can be stolen over the air. According to the 2018 Credential Spill Report, an average of 1 million credentials were exposed daily in 2017, with no indication that this number will decrease.


Passwords are simply outdated

“79% of hacking breaches leveraged stolen credentials.”

2020 Verizon Data Breach Investigations Report

Server Certificate Validation

Server certificate validation prevents over-the-air credential theft by configuring devices to validate the identity of the SSID’s server before sending credentials. It has to be configured on end-user devices, so misconfiguration is a possibility. Manual configuration, shown in video, takes 14 steps, far too many for the average user. That’s why our onboarding software includes an automatic server certificate validation configuration package.


Certificate-Based Authentication

Certificates don’t have to be difficult. We provide everything an organization needs to deploy EAP-TLS, certificate-based 802.1X for Wi-Fi security:

  • #1 rated onboarding client to enroll certificates
  • certificate management tools
  • managed device auto-enrollment gateways
  • Cloud RADIUS server with Dynamic Policy Engine
  • Managed Cloud PKI
  • CertLock Technology

And more! All our products are vendor neutral and can be integrated into your existing network infrastructure. Don’t settle for less than the best in authentication technology.


Configuration Client

The JoinNow Suite provides customizable and adaptable onboarding clients that set up devices for Wi-Fi, VPN, Web and SSL Inspection security. JoinNow takes the frustration out of delivering secure networks by delivering turnkey backend services for device enrollment, authentication and management. In an age where BYOD, IoT, and managed devices reign, our technology provides the answers by leveraging the components you currently own.

AI-Driven Anomaly Detection

Your network works while you sleep, so employ a set of eyes that doesn’t sleep either. Our AI will alert you of unusual network usage and allow you to monitor network connections and troubleshoot errors in real-time with individual devices. A bevy of end-user data including device type, operating system/build version, and application version is securely reported back to the cloud and made available for network admins for use in assessing connection patterns and creating network visibility.

Offers Technology for Easy Configuration

Simple BYOD Configuration

An area of vulnerability for over-the-air credential theft is when users manually configure their devices for WPA2-Enterprise. When users omit a few difficult-to-configure settings, such as RADIUS certificate installation, they lose all the security benefits of WPA2-Enterprise and are susceptible to over-the-air credential theft. Providing onboarding/configuration technology to network users not only creates a better user experience, but it also significantly reduces the risk of over-the-air credential theft.

Replace Passwords with Certificates

While utilizing onboarding/configuration technology can minimize risks for over-the-air credential theft, they are not foolproof since users can choose not to utilize them. Using certificate-driven security guarantees that users go through an enrollment process that ensures their devices are properly configured and organizations can rest assured that privacy is protected.

CTA Background