Here are the EAP methods you'll encounter:
EAP-TLS. Uses certificates on both sides. Most secure but requires certificate infrastructure.
PEAP (Protected EAP). Server certificate creates a TLS tunnel. Username/password goes through the tunnel. Easier deployment than EAP-TLS.
EAP-TTLS. Similar to PEAP. Server certificate protects inner authentication.
EAP-FAST. Cisco's method using Protected Access Credentials (PACs). No server certificate required.
EAP-MD. Simple password hash. Weak security. Avoid in production.