A Technical Comparison of TTLS and PEAP
Subject:   Two Factor Authentication in TTLS with RSA SecurID
Date:   2002-12-10 16:34:13
From:   MatthewGast
Response to: No Two Factor Authentication in TTLS

> Of the three authentication methods discussed,
> only EAP-TLS and PEAP currently support two
> factor authentication. So for sites that have a
> policy that requires two factor authentication
> for remote access, there is one less choice.

TTLS supports tunneling using token cards such as SecurID or Secure Computing's SafeWord. You can pass a username and a token code to the two-factor authentication server.

As an example, RSA has certified the use of Funk's Odyssey TTLS client with the ACE Server and SecurID. (See RSA's page for details, as well as the Implementation Guide with the details.)