(in)Secure is a weekly column that dives into the rapidly escalating topic of cybersecurity.
Wi-Fi Protected Access (WPA) is something that internet users the world over have enjoyed the protection of for nearly two decades in one guise or another, but because it’s so unobtrusive, you might never have noticed it.
With the certification of a third-generation of that protection, (WPA3) it’s as good a time as ever to brush up on what this important security standard does and what a new version could mean for your future wireless access and hardware choices.
What does WPA actually do?
Although the original WPA was introduced in 2003, it was swiftly replaced by WPA2 in 2004 and until recently, that’s been the standard security system in place for home wireless networks and built in to just about every home router you could buy. Indeed in order to claim that a router supported “Wi-Fi” manufacturers had to include WPA2 security in their product.
WPA is a method of protecting the content you transmit between your wireless device and your router. WPA2 implemented strong encryption of wireless connections so that once the router acknowledges that your device’s Wi-Fi password matches the one in its memory, devices not connected to the network can’t snoop on the traffic you’re sending back and forth.
What’s different with WPA3?
Much as WPA2 was seen as a leap in protection for wireless internet networks, WPA3 makes a similar step forward in securing the data of the network’s users by enhancing encryption to 128-bit. It also expands beyond the home in a few interesting ways.
With WPA3 you’ll be able to connect smart devices lacking a display to your network by using a device like your smartphone.
WPA3 introduces “Simultaneous Authentication of Equals,” otherwise known as the Dragonfly Key Exchange system. It makes passwords resistant to dictionary hacks by requiring network interaction in order to attempt a login. That boils down to users being able to use easy-to-remember passwords, whilst still protecting their network from easy infiltration.
Even if you end up enjoying this new security feature though, we’d still recommend you use a complicated password and save it in a password manager.
WPA3 also takes a stab at protecting typically vulnerable public networks. Where open Wi-Fi networks in airports, coffee shops, and hotels have been easy hunting grounds for hackers in the past due to completely unsecured and unencrypted connections, WPA3 will change that with new security protocols. “Individualized data encryption” provides a fully encrypted, one-off connection for those connecting to a WPA3-certified router over an open Wi-Fi network. That means that the connection between your device and the router is encrypted, despite the fact that you never entered a password to use it.
The Internet of Things (IoT) has also received much attention under WPA3. With so many smart devices having no display, WPA3 makes it so that you’ll be able to connect these devices to your network by using a companion device like your smartphone. Instead of tapping in a password though, you’ll be able to scan a QR code, providing a quick and secure method of getting a new IoT device online.
Governments and corporations will be able to take advantage of WPA3 Enterprise too, which provides even greater security with stronger encryption options. At a minimum, WPA3-Enterprise offers 192-bit encryption, but there are also options for 256-bit and even 384-bit encryption for different authentication settings.
Will my router support it?
While we know many router manufacturers are keen to implement WPA3 security in new products, it’s not clear if existing routers will be able to.
Qualcomm, Silicon Motion, Marvell, Huawei Wireless, and Hewlett Packard have pledge support for WPA3.
Cisco recently stated that it was looking for ways to implement the enhanced security measures of WPA3 in its existing lines of networking hardware. It didn’t state whether this was something we could expect to see in just select models — or in a wide range of existing hardware though.
Linksys contacted Digital Trends to confirm its commitment to bringing WPA3 security to new and existing hardware, though again wasn’t able to provide any firm guidelines of if or when it would come to specific models.
“Linksys plans to support next-generation WPA3 security,” Linksys said in its statement. “This functionality is highly dependent on the Wi-Fi chipset provider, thus support will be on a case-by-case basis. If legacy products are supported, Linksys will deploy automatic firmware updates to all enabled products. In many cases, WPA3 support will be offered in newer chipset and products. More details will be released at time of availability.”
Intel too has committed to implementing the new standard where possible. GM of Intel’s Wireless Solutions Group, Eric Mclaughlin said, “Intel supports WPA3 and through our involvement in the test bed, we are helping our customers incorporate WPA3 into their products for enhanced security protections.”
Other companies which have also pledged support for WPA3 include Qualcomm, Silicon Motion, Marvell, Huawei Wireless, and Hewlett Packard. While most if not all of these companies will implement WPA3 in their new hardware, it remains to be seen how many WPA2 certified products that consumers and businesses currently own will be able to meet the new standards of WPA3 certification with software updates. It’s possible that such devices will be limited, as companies will likely be more interested in selling new products with certification, than adding that functionality for free to existing hardware.
When will WPA3 be available?
The first WPA3 certified devices are expected to debut towards the end of 2018, with companies like Qualcomm claiming to already be in the process of making chips for smartphones and tablets that will give them full support for the new standard. It’s possible that we’ll see certain devices retroactively certified before then, but as of yet nothing like that has materialized.
At the very least the transition process of most wireless networking hardware to WPA3 will begin in 2018 and will no doubt continue into 2019. If you’re considering buying a new router or other wireless-networking hardware, it may well be worth waiting until later in the year to see which devices will support WPA3. Before long, WPA2 will be more of a legacy standard. WPA3 may also come to new hardware hand in hand with the 802.11ax wireless networking standard which debuted last year.