For maximum security, you should base WLAN user authentication on which one of the following?

• A. Device-based certificates only
• B. Biometric-only authentication
• C. Device-independent schemes, such as user names and passwords
• D. Passwordless tokens

Answer: (C)

Authenticating WLAN access by the user’s identity rather than by the device is the most flexible and auditable approach. When you baseline on user names and passwords, you can centralize verification, enforce strong password policies, and layer in multi-factor authentication, plus you can revoke access quickly if a user leaves or credentials are compromised. This creates consistent security controls across any device, making it easier to manage at scale and to track who accessed the network.

Biometric-only methods are limited by privacy concerns and the fact that biometric data can be difficult to revoke or reset if compromised. Passwordless tokens rely on possession of a physical or digital token and infrastructure to manage them, and tokens can be lost or shared, which complicates secure recovery and revocation. Device-based certificates provide strong cryptographic proof tied to a device, but they hinge on secure certificate provisioning and management; if the device is lost, stolen, or misconfigured, access can be compromised and PKI complexity adds risk.

So, using device-independent credentials like user names and passwords—ideally with additional protections such as MFA—offers robust, scalable security for WLAN access across diverse devices.