Which EAP variant uses certificates for authentication?

The Extensible Authentication Protocol-Transport Layer Security (EAP-TLS) is recognized for its use of digital certificates for authentication purposes. This method involves both the client and the server presenting certificates to establish mutual authentication, which provides a high level of security.

The use of certificates helps to ensure that both parties involved in the communication are who they claim to be, thus significantly reducing the risk of unauthorized access. EAP-TLS is widely regarded as one of the most secure EAP methods available, as it not only relies on usernames and passwords but also leverages the cryptographic security of the certificates.

In context, while other EAP variants may offer different mechanisms or benefits, EAP-TLS is uniquely focused on the use of certificates, making it the standard choice for environments that require robust, certificate-based security.