Wi-Fi gets its biggest update in 14 years — WPA3 security protocol now official
There are an estimated 9 billion Wi-Fi enabled devices in the wild today, and for almost a decade and a half they have been using the WPA2 (Wi-Fi Protected Access) authentication protocol, making them a ripe target for hackers of all kinds. Add to that the fact that most Wi-Fi passwords are simple dictionary words or the neighbor's dog's name, and you have a perfect recipe for disaster. All that will soon be a thing of the past thanks to WPA3, the Wi-Fi Alliance's update to the ageing WPA2 security protocol. Yes, it has taken them 14 years to develop, but it couldn't have come at a better time.
WPA3 will support two distinct operation modes: WPA3-Personal and WPA3-Enterprise. WPA3-Personal offers highly resilient, password-based authentication even when the passwords themselves do not conform to the specified complexity requirements. WPA3-Personal uses Simultaneous Authentication of Equals (SAE), which helps prevent offline dictionary attacks. In an offline dictionary attack, a hacker physically eavesdrops on communications and then attempts a brute-force attack, cycling through dictionary phrases until one matches. While offline dictionary attacks are difficult against complex passwords, the average Joe might just use his surname and year of birth, totalling up to 8 characters, which makes the attack relatively simple. SAE prevents this by restricting an attacker to a single guess at a time. Every time the hacker wants to guess a password, he or she has to interact live with the router, which will have the necessary protections built in to prevent repeated guessing.
WPA3-Personal is also getting another feature called forward secrecy. It basically means that even if a hacker manages to breach your credentials, the transmissions that occurred prior to the attack remain encrypted. WPA2, on the other hand, made it easy to decrypt the older information as well. Likewise, the enterprise is also getting its own share of security measures in the form of WPA3-Enterprise. WPA3-Enterprise comes with 192-bit cryptographic strength to protect sensitive government and financial data.
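The forward-secrecy difference described above, as an added Python example that is not from the original article. The WPA2 half follows the standard PBKDF2 and PRF key derivation; the second half is a SPEKE-style toy exchange standing in for SAE's real handshake, and the prime, passphrase, SSID and MAC addresses are constructed demo values.

```python
import hashlib
import hmac
import secrets

def wpa2_pmk(passphrase, ssid):
    # WPA2-Personal: the master key is a fixed function of passphrase and SSID.
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)

def wpa2_ptk(pmk, ap_mac, sta_mac, anonce, snonce, length=48):
    # Session key = PRF(PMK, MAC addresses, nonces); all but the PMK travel in the clear.
    data = (min(ap_mac, sta_mac) + max(ap_mac, sta_mac)
            + min(anonce, snonce) + max(anonce, snonce))
    out, i = b"", 0
    while len(out) < length:
        msg = b"Pairwise key expansion\x00" + data + bytes([i])
        out += hmac.new(pmk, msg, hashlib.sha1).digest()
        i += 1
    return out[:length]

P = 2**127 - 1  # toy prime, constructed for the demo; far too small for real use

def password_element(passphrase):
    # SPEKE-style base derived from the password (stand-in for SAE's password element).
    h = int.from_bytes(hashlib.sha256(passphrase.encode()).digest(), "big")
    return pow(h % (P - 3) + 2, 2, P)

def ephemeral_share(passphrase):
    priv = secrets.randbelow(P - 3) + 2  # fresh secret, discarded after the session
    return priv, pow(password_element(passphrase), priv, P)

def session_key(own_priv, peer_share):
    return hashlib.sha256(pow(peer_share, own_priv, P).to_bytes(16, "big")).digest()

def demo(passphrase="smith1984", ssid="HomeNet"):  # constructed sample values
    # What a passive listener records from a WPA2 handshake:
    rec = dict(ap_mac=bytes.fromhex("020000000001"), sta_mac=bytes.fromhex("020000000002"),
               anonce=secrets.token_bytes(32), snonce=secrets.token_bytes(32))
    live = wpa2_ptk(wpa2_pmk(passphrase, ssid), **rec)
    # Passphrase leaks later: the recording alone is enough to rebuild the key.
    wpa2_rebuilt = wpa2_ptk(wpa2_pmk(passphrase, ssid), **rec) == live
    # Ephemeral exchange: only the two public shares are on the air.
    a_priv, a_share = ephemeral_share(passphrase)
    b_priv, b_share = ephemeral_share(passphrase)
    agreed = session_key(a_priv, b_share) == session_key(b_priv, a_share)
    x_priv, _ = ephemeral_share(passphrase)  # a later passphrase holder has new secrets only
    late_key = session_key(x_priv, a_share)
    return wpa2_rebuilt, agreed, late_key == session_key(a_priv, b_share)

if __name__ == "__main__":
    print(demo())
```

The first flag shows that the WPA2 session key is fully determined by the passphrase plus values sent in the clear; the last shows that knowing the passphrase afterwards does not reproduce a key that also depended on discarded per-session secrets.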
The Wi-Fi Alliance is also introducing a new feature called Wi-Fi Certified Easy Connect, which eases onboarding of Wi-Fi devices that have limited or no displays, such as Internet of Things (IoT) devices, which were previously highly vulnerable on traditional WPA2 networks. Wi-Fi Easy Connect works with WPA3 devices and pairs them securely via a QR code. Also in the offing is Wi-Fi Enhanced Open, which uses Opportunistic Wireless Encryption to automatically encrypt wireless data in public places such as coffee shops and airports. This effectively prevents man-in-the-middle attacks or any form of traffic snooping.
Implementing WPA3 will not be mandatory for new products, but devices that support 802.11ax will inevitably have to support it. Over the coming months, new devices must support WPA3 in order to be Wi-Fi Certified. Of course, WPA3 devices will continue to support the WPA2 protocol, so you can still connect to existing networks at home or work. Similar to WPA2, WPA3 will receive maintenance updates during its lifetime to address security concerns as they arise.
All these changes are under the hood. For the end user, though, it is still a matter of typing a password to connect to the network. If you are in the market for a new Wi-Fi router, it makes sense to wait and ensure that your new purchase is WPA3-ready. Better still, a WPA3-ready 802.11ax router will make for a future-proof purchase, but it could be some time before such a combination goes mainstream.