What Makes EAP-TTLS/PAP Insecure?

EAP-TTLS/PAP is the most insecure 802.1X authentication protocol because credentials are sent over the air in plaintext. This means that every time someone connects to your organization’s Wi-Fi, their credentials can be stolen over the air. According to the 2018 Credential Spill Report, an average of 1 million credentials were exposed daily in 2017, with no indication that this number will decrease.


Passwords are simply outdated

“79% of hacking breaches leveraged stolen credentials.”

2020 Verizon Data Breach Investigations Report

Offers Technology for Easy Configuration

Simple BYOD Configuration

One area of vulnerability to over-the-air credential theft is manual device configuration for WPA2-Enterprise. When users omit a few difficult-to-configure settings, such as RADIUS certificate installation, they lose all the security benefits of WPA2-Enterprise and are susceptible to over-the-air credential theft. Providing onboarding/configuration technology to network users not only creates a better user experience but also significantly reduces the risk of over-the-air credential theft.

Replace Passwords with Certificates

While onboarding/configuration technology can minimize the risk of over-the-air credential theft, it is not foolproof, since users can choose not to use it. Certificate-driven security guarantees that users go through an enrollment process that ensures their devices are properly configured, so organizations can rest assured that privacy is protected.
