Why do we need a new standard?
A major weakness of WPA2 was its susceptibility to brute-force attacks. WPA3 is better prepared for this type of attack, even when users set passwords that are not considered strong. WPA3 introduces Simultaneous Authentication of Equals (SAE) to replace the WPA2 Pre-Shared Key (PSK). This fends off key reinstallation attacks like KRACK. SAE has two main uses: keeping your network devices safe while connecting to a wireless access point and defending against offline dictionary attacks.
WPA3 delivers a more individualized form of encryption via Protected Management Frames (PMF). It provides protection from eavesdropping and forging in public areas. Additionally, public networks can be further secured with Wi-Fi Enhanced Open. While this is not technically part of the WPA3 certification, companies can choose to implement it. Wi-Fi Enhanced Open ensures that traffic between your device and the access point is encrypted without having to enter a password.
WPA3-Enterprise expands the encryption to 192 bits (WPA3-Personal mode still remains 128-bit) to improve password strength. It is mostly intended for the protection of critical networks, such as those in government, defense, and special industrial applications.
The Wi-Fi Alliance introduces Wi-Fi Easy Connect as an optional feature and an alternative to WPS (Wi-Fi Protected Setup). This greatly eases the process of connecting to IoT devices without screens. Scanning a QR code on the device should be enough to initialize the connection.
Why is this new standard still not widely adopted?
All major wireless solution providers support WPA3, both in their latest products and in their software releases. However, WPA3 compatibility on end devices is still limited, particularly at the hardware level. And with the rollout of IoT devices, which have a considerably longer lifetime, it will probably take several more years until wireless networks become ‘WPA3 only’. There will be a long transition period with both WPA2 and WPA3 devices connecting to your Wi-Fi.
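The mixed WPA2/WPA3 period described above is visible in the RSN element an access point advertises in its beacons. The following is an added example, not part of the original article: it parses that element and labels a personal or open network as WPA2-only, transition, WPA3-only, or Enhanced Open (OWE). The function names and sample bytes are constructed for illustration; the field layout and suite numbers follow IEEE 802.11.

```python
import struct

OUI = b"\x00\x0f\xac"  # IEEE 802.11 OUI used by the standard suite selectors
AKM = {1: "802.1X", 2: "PSK", 6: "PSK-SHA256", 8: "SAE", 9: "FT-SAE", 18: "OWE"}
MFPR, MFPC = 0x0040, 0x0080  # RSN capability bits: PMF required / PMF capable

def parse_rsn(body: bytes) -> dict:
    """Parse an RSN element body (element ID 48, 2-byte header stripped)."""
    try:
        (n_pair,) = struct.unpack_from("<H", body, 6)  # after version + group cipher
        off = 8 + 4 * n_pair                           # skip pairwise cipher list
        (n_akm,) = struct.unpack_from("<H", body, off)
        off += 2
    except struct.error:
        raise ValueError("truncated RSN element") from None
    if off + 4 * n_akm > len(body):
        raise ValueError("AKM list runs past end of element")
    akms = set()
    for i in range(off, off + 4 * n_akm, 4):
        oui, kind = body[i:i + 3], body[i + 3]
        akms.add(AKM.get(kind, f"unknown-{kind}") if oui == OUI else "vendor")
    off += 4 * n_akm
    # The capabilities field is optional; if absent, no PMF support is advertised.
    caps = struct.unpack_from("<H", body, off)[0] if len(body) >= off + 2 else 0
    return {"akms": akms, "pmf_capable": bool(caps & MFPC),
            "pmf_required": bool(caps & MFPR)}

def classify(body: bytes) -> str:
    """Label what the network accepts, from its advertised AKM suites and PMF bits."""
    info = parse_rsn(body)
    sae = info["akms"] & {"SAE", "FT-SAE"}
    psk = info["akms"] & {"PSK", "PSK-SHA256"}
    if sae and psk:
        return "transition"  # WPA2-PSK clients can still join alongside SAE clients
    if sae:
        return "wpa3-only" if info["pmf_required"] else "sae-pmf-not-required"
    if psk:
        return "wpa2-only"
    return "owe" if "OWE" in info["akms"] else "other"

def build_rsn(akm_types, caps=0) -> bytes:
    """Constructed sample data: an RSN body with CCMP ciphers and the given AKMs."""
    ccmp = OUI + b"\x04"
    akm = b"".join(OUI + bytes([t]) for t in akm_types)
    return (struct.pack("<H", 1) + ccmp + struct.pack("<H", 1) + ccmp
            + struct.pack("<H", len(akm_types)) + akm + struct.pack("<H", caps))

if __name__ == "__main__":
    print(classify(build_rsn([2, 8], MFPC)))  # PSK and SAE advertised together
```

A network reported as "transition" still accepts WPA2-PSK associations, so the password remains exposed to the offline guessing that SAE is meant to prevent until the PSK suite is removed.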
So do you have to implement WPA3 in your wireless environment?
While WPA3 is a significant step forward, it has already shown some vulnerabilities. Nonetheless, WPA3 still offers better security than its predecessors. Also, the Wi-Fi Alliance recently announced that WPA3 will become mandatory for all new certified Wi-Fi products.
For optimal security, keep all network devices up to date to ensure all vulnerabilities can be identified and resolved. And when buying new Wi-Fi devices, whether they are enterprise, BYOD or IoT, be sure to pay attention to their WPA3 capabilities.