Definition

Extensible Authentication Protocol (EAP)

Contributor(s): William Burdick

The Extensible Authentication Protocol (EAP) is a protocol for wireless networks that expands on authentication methods used by the Point-to-Point Protocol (PPP), a protocol often used when connecting a computer to the Internet. EAP can support multiple authentication mechanisms, such as token cards, smart cards, certificates, one-time passwords, and public key encryption authentication.

Here's how it works: in communications using EAP, a user requests connection to a wireless network through an access point (a station that transmits and receives data, sometimes known as a transceiver). The access point requests identification (ID) data from the user and transmits that data to an authentication server. The authentication server asks the access point for proof of the validity of the ID. After the access point obtains that verification from the user and sends it back to the authentication server, the user is connected to the network as requested.

This was last updated in September 2005

Next Steps

With mobile devices in mind, MFA software adds security measures (via smartphones and biometrics) to standard user name/password logins for many services and servers; while other multifactor authentication solutions couple mobile defense with an SSO tool that connects to a directory service such as Active Directory (AD) during the sign-in process.

Continue Reading About Extensible Authentication Protocol (EAP)

The Internet Society defines EAP in RFC 3748.

How to implement secure access?

From security protocols to wireless analyzers, learn wireless security best practices in this learning guide

Tips to control mobile authentication and authorization in this slideshow on mobile enterprise security threats

Learn how to reduce wireless risks and best practices for designing, deploying and monitoring secure WLANs

Dig Deeper on Web authentication and access control

challenge-response authentication In information security, challenge-response authentication is a type of authentication protocol where one entity presents a challenge or question, and another entity provides a valid response to be authenticated.

Use caution with OAuth 2.0 protocol for enterprise logins Many apps are using the OAuth 2.0 protocol for both authentication and authorization, but technically it's only a specification for delegated authorization, not for authentication.

Domain-based Message Authentication, Reporting and Conformance (DMARC) Domain-based Message Authentication, Reporting and Conformance (DMARC) is an email authentication and reporting protocol designed to help ensure the authenticity of the sender’s identity.

Kerberos Kerberos is the authentication protocol used by most operating systems. Each time a Windows client logs into a corporate network, Kerberos is being used to authenticate access.

Final specification for Fido password-killing protocol imminent The specification for a password-killing authentication protocol is imminent, says a founding member of the Fido Alliance

Hotspot 2.0 primer: Another step toward Wi-Fi/cellular integration Hotspot 2.0 and the IEEE 802.11u protocol could allow mobile device users to securely roam between Wi-Fi and cellular networks without stopping to authenticate.

Start the conversation

Send me notifications when other members comment.

-ADS BY GOOGLE

File Extensions and File Formats

A
B
C
D
E
F
G
H
I
J
K
L
M
N
O
P
Q
R
S

T
U
V
W
X
Y
Z
#

Powered by:

SearchCloudSecurity

How to implement zero-trust cloud security

The nature of cloud environments and workloads is changing. Security team approaches must evolve in response. Learn how to ...
AWS Access Analyzer aims to limit S3 bucket exposures

Amazon Web Services introduced the Access Analyzer tool at its re:Invent event. The new option aims to help users avoid ...
How to evaluate CASB tools for multi-cloud deployments

When it comes to evaluating CASB tools, it's essential to be an informed customer. Identify your organization's usage and ...

SearchNetworking

Assess the Wi-Fi 6 features available in Wave 1 and Wave 2

Catch up on the different features available with the first wave of Wi-Fi 6, including OFDMA and Target Wake Time, and find out ...
3 networking startups rearchitect routing

Networking startups Arrcus, DriveNets and Volta Networks help service providers redefine routing in the data center and at the ...
A deep dive into the differences between 4G and 5G networks

Yes, 4G and 5G network architectures will differ, but organizations may not see change for some time. This feature explores 4G ...

SearchCIO

Shell, Halliburton, Unibap AB execs share real-world AI strategies

Technology advances like quantum computing mean AI's best years are still to come, but that doesn't mean companies aren't already...
What's the difference between RPA and IPA?

To prepare for robotic process automation combined with the more sophisticated intelligent process automation, CIOs first need to...
The technological evolution of IT industry leaders: 2000 - 2020

As technology has shifted since 2000, so have IT leaders. This guide looks at how Oracle, Cisco, Dell and SAP have adapted to ...

SearchEnterpriseDesktop

Cut through confusion of the digital workspace market

What is a digital workspace, exactly? Find out the definition of this new technology, what it means for the future of end-user ...
Windows 10 issues top list of most read stories for IT pros

IT pros seemed focused on the latest Microsoft OS, based on our most read stories for 2019. That may not come as a surprise, ...
How to fix printer problems after a Windows 10 update

Windows 10 updates, especially an update to Windows 10 version 1809, can sometimes cause printer issues. You can fix these ...

SearchCloudComputing

Review these Azure Service Bus best practices

When applications talk, you need to listen. Learn about Microsoft's cloud messaging service, its main features, best practices to...
Instill cloud change management best practices

Automation is essential to change management in the cloud. Discover the best practices that ensure your IT team is in sync and ...
How much cloud does an IT disaster recovery plan need?

It's not easy to get the right mix of traditional and cloud-based DR resources. Here's how to strike a balance between what's ...

ComputerWeekly.com

Dutch government must facilitate and coordinate a broad eID system

The Dutch government should push for an electronic ID system for its citizens that works across the public and private sectors, ...
Qualcomm claims world first for 5G mixed reality

5G-supported extended reality platform is claimed to offer more immersive, intelligent and connected experiences
Cyber security takes its place alongside UK’s armed services

Head of armed services says cyber security will take its place alongside the army, navy and air force as a key pillar of the UK’s...

Close