https://community.cisco.com/t5/network-security/difference-between-pap-vs-chap-for-radius-authentication/m-p/4093081#M1070518 <P>I also realize that the ASA and NPS use the shared secret key to encrypt communication between the two but what am I missing. What drawback should I be considering for not using PAP in this instance?</P> Wed, 27 May 2020 21:05:38 GMT zrunner626 2020-05-27T21:05:38Z https://community.cisco.com/t5/network-security/difference-between-pap-vs-chap-for-radius-authentication/m-p/4092846#M1070511 <P>Can anyone describe how PAP works between ASA and Microsoft NPS for RADIUS authentication and how MS-CHAP is different?</P><P>Please don't tell me that PAP sends the password in clear text. I have taken PCAPs and I see no clear text shared secret or passwords being transmitted between the ASA and NPS. I'm trying to understand the risk if I choose to allow PAP so that we can use all Azure MFA options including one-way text message, OATH hardware tokens and mobile app verification code.</P> Wed, 27 May 2020 14:23:24 GMT https://community.cisco.com/t5/network-security/difference-between-pap-vs-chap-for-radius-authentication/m-p/4092846#M1070511 zrunner626 2020-05-27T14:23:24Z https://community.cisco.com/t5/network-security/difference-between-pap-vs-chap-for-radius-authentication/m-p/4093081#M1070518 <P>I also realize that the ASA and NPS use the shared secret key to encrypt communication between the two but what am I missing. What drawback should I be considering for not using PAP in this instance?</P> Wed, 27 May 2020 21:05:38 GMT https://community.cisco.com/t5/network-security/difference-between-pap-vs-chap-for-radius-authentication/m-p/4093081#M1070518 zrunner626 2020-05-27T21:05:38Z