When establishing maximum security, on what should WLAN user authentication be based?

WLAN user authentication should be based on user names and passwords because this method provides a direct and established means to verify the identity of users attempting to access the network. User name/password combinations are typically encrypted and allow for a layered approach to security. This ensures that only authorized individuals can connect to the WLAN, acting as the first line of defense against unauthorized access.

Using user names and passwords is a traditional yet effective methodology, as it aligns with standard practices in cybersecurity. It not only allows for individual accountability but also facilitates user management, such as the ability to easily revoke access when needed.

In contrast, other methods can pose limitations. Device-dependent schemes may restrict access based on the characteristics of a device but can fail to identify legitimate users if their devices are lost or stolen. Hardware security tokens provide a strong level of security but can be cumbersome and more expensive to implement widely. MAC address filtering, while it helps to some extent, can be relatively easy to spoof, which compromises its effectiveness in maintaining high-security levels.