The current RADIUS implementation in VyOS only supports PAP, which uses a combination of techniques to hash the user's password. Unfortunately this relies on (among other outdated techniques) MD5, a hashing algorithm that is now quite weak.
As long as the RADIUS server you're authenticating from is "internal" (or connected via secure tunnels) this doesn't present a problem. However, if you want to centralize authentication for devices out in the field, this presents a problem.
Some reading materials on the subject are available at:
I'd recommend implementing EAP-TTLS-PAP and making it a configuration option under the "set system login radius-server" option set. An easy way to test compatibility is to use the FoxPass service (www.foxpass.com); they offer a free trial.