LEAP (Lightweight Extensible Authentication Protocol)

LEAP (Lightweight Extensible Authentication Protocol) is a Cisco-proprietary version of EAP, the authentication protocol used in wireless networks and Point-to-Point connections. LEAP is designed to provide more secure authentication for 802.11 WLANs (wireless local area networks) that support 802.1X port access control.

LEAP uses dynamic Wired Equivalent Privacy (WEP) keys that are changed with more frequent authentications between a client and a RADIUS server. WEP keys are less likely to be cracked -- and less long-lived if cracked -- due to this frequency.

However, LEAP's reliance upon a version of the MS-CHAP protocol means that user credentials may not be adequately protected. More stringent authentication protocols employ a salt (a random string of data that modifies a password hash).

Cisco, Microsoft and RSA Security are promoting a more secure version of EAP, Protected Extensible Authentication Protocol (PEAP), as an Internet standard. That protocol is expected to displace LEAP.

This was last updated in July 2008

Next Steps

Now that you have background information on LEAP, brush up on the history of authentication in the enterprise and the evolution of multifactor authentication technology specifically, from key fobs to smartphones and mobile devices. Learn what questions enterprises need to ask before investing in multifactor authentication products.

Continue Reading About LEAP (Lightweight Extensible Authentication Protocol)

Dig Deeper on Identity and access management

Enterprise Desktop
Cloud Computing