Instead, Microsoft recommended that IT administrators add PEAP (Protected Extensible Authentication Protocol) to secure passwords for VPN sessions. A support document described how to configure servers and clients for PEAP.
via Microsoft warns of ‘man-in-the-middle’ VPN password hack – Computerworld.