EAP Allows for arbitrary authentication of a remote access connection through the use of authentication schemes, known as EAP types. EAP offers the strongest security by providing the most flexibility in authentication variations. For more information, see EAP (http://go.microsoft.com/fwlink/?linkid=140608). MS-CHAP v2 Supports two-way mutual authentication. The remote access client receives verification that the remote access server that it is dialing in to has access to the user’s password. MS-CHAP v2 provides stronger security than CHAP. For more information, see MS-CHAP v2 (http://go.microsoft.com/fwlink/?linkid=140609). CHAP Uses the Message Digest 5 (MD5) hashing scheme to encrypt the response. CHAP is an improvement over PAP, in that the password is not sent over the PPP link. CHAP requires a plaintext version of the password to validate the challenge response. CHAP does not protect against remote server impersonation. For more information, see CHAP (http://go.microsoft.com/fwlink/?linkid=140610). PAP Uses plaintext passwords. Typically used if the remote access client and remote access server cannot negotiate a more secure form of validation. PAP is the least secure authentication protocol. It does not protect against replay attacks, remote client impersonation, or remote server impersonation. For more information, seePAP (http://go.microsoft.com/fwlink/?linkid=140611).