Passwords vs. Digital Certificates For RADIUS Authentication

Key Points
  • Passwords are inherently unsafe as they can be stolen over the air to attack the network. EAP-TTLS/PAP and PEAP-MSCHAPv2 support only credentials to authenticate users, leaving them vulnerable to MITM attacks, brute force, and Wi-Fi spoofing.
  • Digital certificates can be deployed through the EAP-TLS protocol on a WPA2-Enterprise network for RADIUS authentication. They are phishing-resistant and cannot be stolen or misplaced.
  • CloudRADIUS supports authentication through EAP-TLS and integrates with existing identity providers and network infrastructure for a safer and more secure network.

Businesses understand the importance of passwords for private data security but might not realize that using a network with passwords poses many security threats. As hacking techniques become more advanced, data is stolen at a rate of almost 6 million records per day. More sophisticated hacking techniques follow every advancement in security technology. Credentials require password change policies, can be easily decrypted, and are a dying security measure. Digital certificates provide a solution to all these issues.

However, they need a Public Key Infrastructure (PKI) to operate, which can be difficult to implement unless you have a Managed PKI. SecureW2 provides a turnkey solution that includes a Cloud PKI, last-mile certificate delivery, and a RADIUS server built for certificates. Click here to see how easy it was for our customers to switch from passwords to certificates.

Below, we explain why certificates are superior to passwords for authenticating users.

Certificates Eliminate Password Resets

Credential-based networks put the responsibility of network security on the shoulders of the users, namely through password-change policies that set dates for passwords to expire. Every device a user owns has to be reconfigured after each change; for college students, that could be up to seven different devices. These policies can clog up an IT department with support tickets and take time away from value-add tasks.

Certificates remove the onus from the end user and streamline the configuration process. Certificates eliminate the necessity of any sort of reset policy. Once a user is equipped with a certificate, they are granted network access until it expires. For example, many universities will distribute 4-year certificates to incoming students because they need network access for the 4 years they attend.

No password change policy → less reconfiguration → fewer support tickets.

Certificates are Better at Network Authentication

Credentials rely on keywords or phrases created by the end user. Certificates utilize public-private key encryption to encrypt information sent over the air and are authenticated with EAP-TLS, the most secure authentication protocol.

A major flaw with credential-based networks can be linked to human behavior. Many people reuse passwords or use weak passwords. A man-in-the-middle (MITM) attack could easily infiltrate a credential-based network, steal a password, and then gain access to all of the victim’s other accounts that use the same password. MITM attacks are frightening and can lead to the loss of valuable data; certificates can eliminate that risk.

In a MITM attack, the attacker sets up a rogue access point that can farm credentials from unwitting users. Certificates are themselves encrypted and can only be decrypted if you have the matching private key, so even if the user accidentally authenticates to a rogue network, the data that is sent is unusable to the attacker.
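
A client-side check for the weakness described above, as an added example (not SecureW2's code): it audits wpa_supplicant network blocks, assumed here as the client supplicant, and flags any WPA-EAP network that is not EAP-TLS-only or that does not validate the RADIUS server certificate. The SSIDs, file paths and domain in the sample configuration are placeholders.

```python
import re
SAMPLE_CONF = '''
network={
    ssid="corp-legacy"
    key_mgmt=WPA-EAP
    eap=PEAP
    password="placeholder"
    phase2="auth=MSCHAPV2"
}
network={
    ssid="corp-tls"
    key_mgmt=WPA-EAP
    eap=TLS
    ca_cert="/etc/ssl/certs/example-radius-ca.pem"
    client_cert="/etc/wpa_supplicant/client.pem"
    private_key="/etc/wpa_supplicant/client.key"
    domain_suffix_match="radius.example.org"
}
'''  # constructed sample wpa_supplicant.conf; SSIDs, paths and domain are placeholders

def parse_networks(conf):
    """Return one dict of settings per network={...} block."""
    networks = []
    for body in re.findall(r"network=\{(.*?)\n\}", conf, flags=re.S):
        fields = {}
        for line in body.splitlines():
            key, sep, value = line.strip().partition("=")
            if sep and not key.startswith("#"):
                fields[key.strip()] = value.strip().strip('"')
        networks.append(fields)
    return networks

def audit(fields):
    """Return findings for one block; an empty list means certificate-only with server validation."""
    if "WPA-EAP" not in fields.get("key_mgmt", ""):
        return []  # not an 802.1X (WPA2-Enterprise) network
    findings = []
    methods = fields.get("eap", "").upper().split()
    if methods != ["TLS"]:
        findings.append("EAP method is not TLS-only: " + (" ".join(methods) or "any"))
    if "password" in fields:
        findings.append("password stored for over-the-air authentication")
    if "ca_cert" not in fields and "ca_path" not in fields:
        findings.append("no ca_cert/ca_path: RADIUS server certificate is not validated")
    if "domain_suffix_match" not in fields and "domain_match" not in fields:
        findings.append("no server name constraint on the RADIUS certificate")
    return findings

def audit_conf(conf):
    return {n.get("ssid", "?"): audit(n) for n in parse_networks(conf)}
```

`audit_conf(SAMPLE_CONF)` returns four findings for the PEAP-MSCHAPv2 block and none for the EAP-TLS block.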

Certificates Are More Cost-Effective Than Passwords

Data breaches are more costly than ever before because most of our information is online today, so your cybersecurity system must be prepared. Any organization that maintains large amounts of valuable and sensitive data must protect it.

Additionally, if your cybersecurity system is inefficient and has a poor user experience, you will see an uptick in support tickets. Every minute your IT department spends on support tickets is time taken away from preparing and updating your security system. Organizations typically reduce up to 50% of Wi-Fi connectivity-related support tickets when they switch to SecureW2.

The difficulty and high cost of certificate-based infrastructure may have been valid in the past, but they are misconceptions nowadays. Certificates have become more streamlined and cost-effective through automated onboarding software. SecureW2 offers an automated and inexpensive service that allows small-to-medium businesses to get the same high-quality network security as the top dogs.

Certificates Allow You to Identify Every Network Connection

Passwords fail to identify users on a network, because they can be shared easily. You may share a unique password with Person 1, but he could give it to Person 2 and you would have no idea.

Certificates can easily put a name to every network connection. Certificates can contain a host of identifying information: MAC address, email, username, and any other attribute that is contained in your Identity Provider.

Many K-12 schools use a PKI solution like us because they can issue Wi-Fi & SSL Inspection certificates to students simultaneously, significantly increasing their visibility into what traffic students are browsing.

Certificates Reduce Wi-Fi Related IT Requests

Credential-based networks are an outdated solution to an ever-growing problem. One layer of security is simply not safe enough for modern cyber threats. Two-factor and multi-factor authentication are clear indicators of a dynamic shift. Password change policies are an ineffective solution for a network becoming more obsolete by the day. Problems with credentials can pile onto the IT department and take time away from more productive tasks.

Certificates offer far more advantages to the IT department and the clients. A certificate-based network can relieve IT of unnecessary work, keep a company’s data more secure, and allow an end user to log on to the network easily.

SecureW2 offers everything an organization needs to eliminate Wi-Fi passwords and switch to certificate-based network authentication. For more information about our cost-effective solution, check out our pricing page.

Learn about this author

Sam Metzler

Sam (aka Slammin Salmon, Street Hustler Sam, Samilstilskin) is a copywriter within the marketing team and a man of many nicknames. He has a degree in Marketing from the University of North Texas with previous experience in mortgage marketing and financial services.
