Skip to main content

Wi-Fi security is starting to get its biggest upgrade in over a decade

Wi-Fi security is starting to get its biggest upgrade in over a decade

/

WPA3 certification starts today

Share this story

It metaphorically looks like this.
It metaphorically looks like this.

Wi-Fi devices have been using the same security protocol for over a decade. But today, that’ll begin to change: the Wi-Fi Alliance, which oversees adoption of the Wi-Fi standard, is beginning to certify products that support WPA3, the successor to the WPA2 security protocol that’s been in use since 2004.

The new protocol provides a number of additional protections for devices connected over Wi-Fi. One big improvement makes it harder for hackers to crack your password by guessing it over and over again, and another limits what data hackers can see even once they’ve uncovered the passcode. Nothing will change as far as users see it; you’ll still just type in your password and connect to the network.

WPA3 adds forward secrecy and prevents offline attacks

WPA3 protections won’t just flip on overnight — in fact, it’s going to be a many-years-long process. First, you’ll have to buy a new router that supports WPA3 (or hope that your old one is updated to support it). The same goes for all your gadgets; you’ll have to buy new ones that support WPA3, or hope your old ones are updated. Fortunately, devices that support WPA3 can still connect with devices that use WPA2, so your gadgets shouldn’t suddenly stop working because you brought something new into the house.

The first big new feature in WPA3 is protection against offline, password-guessing attacks. This is where an attacker captures data from your Wi-Fi stream, brings it back to a private computer, and guesses passwords over and over again until they find a match. With WPA3, attackers are only supposed to be able to make a single guess against that offline data before it becomes useless; they’ll instead have to interact with the live Wi-Fi device every time they want to make a guess. (And that’s harder since they need to be physically present, and devices can be set up to protect against repeat guesses.)

WPA3’s other major addition, as highlighted by the Alliance, is forward secrecy. This is a privacy feature that prevents older data from being compromised by a later attack. So if an attacker captures an encrypted Wi-Fi transmission, then cracks the password, they still won’t be able to read the older data — they’d only be able to see new information currently flowing over the network.

These changes apply to home and personal uses of Wi-Fi. Wi-Fi as it’s used in an enterprise setup, like at a large office where every user is provided a different password, is getting updates too; but it’ll have a different set of protections.

You’ll start to see WPA3 a lot more in 2020

The Wi-Fi Alliance expects WPA3 rollout to ramp up over the next year. For now, it won’t be mandatory in new products. But the next generation of Wi-Fi itself — 802.11ax — is also starting to come out and is expected to hit mass adoption in late 2019; as those devices become available, the Alliance expects the pace of WPA3 adoption to pick up. The Alliance says that, as adoption grows, WPA3 will eventually become a requirement for a device to be considered Wi-Fi certified.

Even though WPA2 is more than a decade old, it hasn’t sat untouched since then. The protocol is still maintained and updated to address new exploits and new protections; the Alliance says WPA3 will be the same way.

In addition to the start of WPA3 certification, the Alliance is also announcing a new, optional Wi-Fi feature called Easy Connect. Easy Connect is meant to simplify the process of connecting smart home gadgets to your router, which can be tricky when they don’t have screens or buttons on them. If the device (and the router it’s connecting to) supports Easy Connect, you’ll be able to scan a QR code with your phone to have the Wi-Fi credentials automatically sent to the new device. While this sounds like a great feature, it’s hard to guess how widely this will roll out, since it requires support from a lot of parties before it would really become useful.

Adoption news is brighter on the WPA3 side of things. Many companies have already announced their support, including Qualcomm, which has already starting making a chip for phones and tablets that supports 802.11ax and WPA3.