Which EAP method utilizes simple passwords and the challenge-handshake authentication process to provide remote access authentication?

EAP-MD5 is the method that fits this description because it uses a simple password and a challenge-response (CHAP-style) handshake to authenticate remote access. In this approach, the server issues a random challenge, and the client responds with an MD5 hash of that challenge combined with the user’s password. The server then recomputes the hash to verify the response. This mirrors the CHAP concept where authentication is proven without sending the password itself, just a hash-based response. Other EAP methods rely on certificates (EAP-TLS), protected tunnels with inner methods (EAP-TTLS, EAP-FAST), or more complex credential handling, and do not match the idea of a straightforward password plus a challenge-response handshake. While simple and lightweight, EAP-MD5 has security drawbacks, such as the lack of mutual authentication and susceptibility to dictionary attacks, which is why stronger methods are preferred in modern deployments.