WAP3 will boost security in workplace Wi-Fi networks by changing the way wireless behaves on enterprise networks. The Wi-Fi Alliance, a partnership of over 550 tech companies that hashes out the protocol for Wi-Fi, announced some of these features earlier in 2018. On Monday June 25, 2018, the organization announced the protocol had been finalized.
To better secure Wi-Fi users, the new protocol will make it harder to run a common hacking attack on a personal wireless network. It's called an “offline dictionary-based attack,” and it allows hackers to make endless guesses as to what your Wi-Fi password is. WPA3 is available on new routers certified by the Wi-Fi Alliance, and it's up to individual vendors whether to install the protocol on existing routers with a software update.
WPA3 replaces WPA2, which was first introduced over a decade ago, in 2004. Security problems in WPA2 cropped up occasionally in that time, reminding us that unsecured Wi-Fi is bad news. Last year, researchers discovered an alarming security flaw called KRACK, which could let attackers on the same Wi-Fi network access your internet traffic without a password. Device manufacturers released patches for the problem, and the Wi-Fi alliance required all new routers to be tested for the vulnerability. It was a repeat of a lesson from a decade earlier, when researchers found a different problem in the encryption that keeps internet traffic secure on a Wi-Fi connection.
Manufacturers like networking giant Cisco voiced their support for WPA3 in statements Monday. Cisco said it was not only planning to implement WPA3 in its upcoming products, but also looking for ways to update devices already out in the world with software that puts the new protocol in place.
WPA3 improves on many features that were unreliable with WPA2, including passwords that are much more difficult to crack; WPA3 makes it a requirement for attackers to interact with your Wi-Fi for every password guess they make, making it much harder and time-consuming to crack. This is especially useful if you're using a weak password on your network. WPA3 also allows smart home devices to be set up on with Wi-Fi Easy Connect, which is notable due to the difficulty of setting up an IoT device on a network.
WPA3 fixes many of WPA2’s security problems, most notably the vulnerability of offline brute-force password-guessing attacks. With WPA2, an attacker is able to capture some of your Wi-Fi data, and take it away to repeatedly guess its password offline. WPA3 fixes this by only allowing you one offline password-guess, making brute force attacks almost impossible to conduct.
Another feature of WPA3 is called “forward secrecy.” Under the current standard, if an attacker gets into your network, they’ll be able to uncover all of your past data. WPA3’s changes mean that in the future an attack will only compromise ongoing traffic. WPA3 is also backwards compatible, so old devices will still work; however, they won’t get all of the new features that are available.
Overall, WPA3 appears to be a major upgrade from WPA2 and we can expect to hear more about WPA3 in the upcoming months!
Notify me of followup comments via e-mail