WiFi devices have used the WPA2 protocol for over a decade, but that will start to change as the WiFi Alliance begins WPA3 certification.
WPA2 was launched in 2004 so, 14 years later, it’s ripe for replacement.
The latest protocol adds several new protections. One of the major improvements aims to prevent hackers from cracking the password by repeatedly making guesses.
So-called ‘dictionary attacks’, using infamous cracking apps such as Cain and Abel, John the Ripper, and L0phtCrack, have enabled hackers to use the processing power of modern computers to quickly run through various combinations of popular words.
WPA3 implements Simultaneous Authentication of Equals (SAE), which requires interaction with the network to authenticate and receive keys. This makes the likes of dictionary attacks pretty much impossible, as hackers can no longer capture data from a WiFi stream and guess at it over and over until the password is cracked.
Better still, from a user standpoint, the same passwords can be used as before.
Next up is Opportunistic Wireless Encryption (OWE), a “new” encryption scheme based on RFC 8110 that enables public and guest WLANs to be encrypted and secure without the need for a personal VPN.
A cryptographic boost to 192-bit security aims to maintain data integrity on networks requiring the highest security, even in a post-quantum computer era.
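How OWE gives each client its own key with no password involved, following the Diffie-Hellman exchange and key derivation in RFC 8110. This is an added example, not code from the original article; the function names are hypothetical, the peers here pass full curve points where real OWE elements carry only the x-coordinate, and the little-endian group encoding is an assumption.

```python
import hashlib, hmac, secrets

# NIST P-256 (IANA group 19), the mandatory OWE group in RFC 8110.
P = 2**256 - 2**224 + 2**192 + 2**96 - 1
G = (0x6B17D1F2E12C4247F8BCE6E563A440F277037D812DEB33A0F4A13945D898C296,
     0x4FE342E2FE1A7F9B8EE7EB4A7C0F9E162BCE33576B315ECECBB6406837BF51F5)
N = 0xFFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551
GROUP = (19).to_bytes(2, "little")  # assumption: 2-octet little-endian

def ec_add(p1, p2):
    """Add affine points on y^2 = x^3 - 3x + b; None is infinity."""
    if p1 is None or p2 is None:
        return p2 if p1 is None else p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    if x1 == x2:  # doubling
        lam = (3 * x1 * x1 - 3) * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow((x2 - x1) % P, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return x3, (lam * (x1 - x3) - y1) % P

def ec_mul(k, point):
    """Double-and-add; not constant time, for illustration only."""
    result = None
    while k:
        if k & 1:
            result = ec_add(result, point)
        point = ec_add(point, point)
        k >>= 1
    return result

def keypair():
    priv = secrets.randbelow(N - 1) + 1  # fresh for every association
    return priv, ec_mul(priv, G)

def x_bytes(point):
    return point[0].to_bytes(32, "big")

def owe_pmk(my_priv, peer_pub, client_pub, ap_pub):
    """PMK and PMKID from the exchanged public keys, per RFC 8110."""
    z = x_bytes(ec_mul(my_priv, peer_pub))  # shared secret (x-coordinate)
    c_a = x_bytes(client_pub) + x_bytes(ap_pub)
    prk = hmac.new(c_a + GROUP, z, hashlib.sha256).digest()  # HKDF-extract
    pmk = hmac.new(prk, b"OWE Key Generation\x01", hashlib.sha256).digest()
    return pmk, hashlib.sha256(c_a).digest()[:16]
```

The client calls `owe_pmk` with its private key and the AP's public key, the AP does the reverse, and both arrive at the same PMK while a second client on the same network derives a different one.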
The final addition is specifically for IoT devices. The ‘Easy Connect’ feature uses the new ‘Device Provisioning Protocol’ to provide a simple and secure way to add these devices to a Wi-Fi network, even if they have limited or no display. A simple QR code on the device can be scanned using a phone to add it to a network.
Right now, WPA3 certification is just beginning. That means WPA2 remains mandatory and WPA3 is optional. In the future, however, there will be a point where WPA3 becomes mandatory for certified equipment.