SecPlusTrainer / Glossary / What is PAP vs CHAP vs EAP?
D3 · Architecture

What is PAP vs CHAP vs EAP?

PAP: sends passwords in cleartext — insecure. CHAP: uses MD5 challenge-response — never sends password. MS-CHAP: Microsoft version (legacy). EAP: extensible framework supporting many methods (TLS, PEAP, etc.).
Never use PAP — cleartext passwords. CHAP is better but MD5 is weak. EAP-TLS (certificate-based) is the gold standard for wireless auth. PEAP (EAP inside TLS tunnel) is the most common enterprise Wi-Fi auth. EAP methods are used inside 802.1X.

Related Terms

What is a Web Application Firewall (WAF)? What is BeyondCorp and zero trust? What is BYOD and its security risks? What is a captive portal?
← Back to Glossary Practice Questions →