What is WPA3? Wi-Fi security protocol strengthens connections

The Wi-Fi Alliance has introduced the first major security improvement to Wi-Fi in about 14 years: WPA3. The most significant additions to the new security protocol are greater protection for simple passwords, individualized encryption for personal and open networks, and even more secure encryption for enterprise networks.

The original Wi-Fi Protected Access (WPA) standard was released back in 2003 to replace WEP, and the second edition of WPA came the year after. The third edition of WPA is a long-awaited and much-welcomed update that will benefit Wi-Fi industry, businesses, and the millions of average Wi-Fi users around the world—even though they might not know it.

WPA3 was announced in January and made official with the June launch of the Wi-Fi Alliance’s certification program for WPA3-Personal, which provides more individualized encryption, and WPA3-Enterprise, which boosts cryptographic strength for networks transmitting sensitive data. Along with these two deployment modes, the Wi-Fi Alliance also unveiled Wi-Fi Easy Connect, a feature that’s supposed to simplify the process of pairing Wi-Fi devices without displays, such as IoT devices; and Wi-Fi Enhanced Open, an optional feature that allows for seamless encryption on open Wi-Fi hotspot networks.

Addressing WPA2 shortcomings

The WPA2 protocol with the Advanced Encryption Standard (AES) certainly patched some security holes from the original WPA, which used the encryption protocol Temporal Key Integrity Protocol (TKIP). And WPA2 was considered much more secure than the long-dead WEP security. However, WPA2 still had significant vulnerabilities that have emerged over the past decade.

The ability to crack the WPA2-Personal passphrase with brute-force attacks – basically guessing the password over and over until a match is found – is a critical vulnerability of WPA2. Making the problem worse, once hackers captured the right data from the airwaves, they could perform these password-guessing attempts off-site, making it more practical for them. Once cracked, they could then decrypt any data they captured before or after the cracking.

Furthermore, the complexity of the network’s WPA2-Personal passphrase had a correlation to the complexity of cracking the security. Thus, if the network was using a simple password (as it’s assumed the majority do), then cracking the security was easier.