Microsoft recommends passwordless authentication methods such as Windows Hello, FIDO2 security keys, and the Microsoft Authenticator app because they provide the most secure sign-in experience.
The "Basic" HTTP authentication scheme is defined in RFC 7617, which transmits credentials as user ID/password pairs, encoded using base64. As the user ID and password are passed over the network as clear text (it is base64 encoded, but base64 is a reversible encoding), the basic authentication scheme is not secure.
Biometric authentication requires a unique physical characteristic. (something you are) such as a fingerprint scan, retinal scan, iris scan, voice recognition, or facial recognition. Location-based authentication uses your physical location or the. device you are using as part of the authentication.
Hardware tokens are physical devices with a small display showing a number that is synchronized with a server-side component. This number. changes frequently and is used in conjunction with other authentication factors, such as a password, to ensure additional security.
Unto itself, Public Key Infrastructure (PKI) does not control network access. PKI certificates can be used to authenticate and secure network traffic and can be used with NAC solutions. Secure Sockets Layer (SSL) encrypts traffic that is already on the network. You are an IT security consultant auditing a network.
Username/password is considered single-factor authentication (something you know). Fingerprint scans are also considered single-factor authentication (something you are). As the network administrator, you are asked to configure a secure VPN solution that uses multifactor authentication.
TCP is a reliable connection-oriented TCP/IP transport protocol, but it does not perform authentication. Telnet transmits data in clear text, so it is. not secure. It is used to allow administrative remote access to hosts running a Telnet daemon, usually in UNIX or Linux environments.
MS-CHAP is a valid WPA2 network authentication method, but it is not a better choice than PKI certificate authentication. WPA2 PSK is not as. secure an authentication method as PKI. SSO is not a configuration setting for WPA2 network authentication.