The WPA3 Security Protocol for Wi-Fi Is Ready for Certification

Earlier this year, the Wi-Fi Alliance introduced the next-generation Wi-Fi authentication protocol called WPA3 for the first time. The consortium has now started certifying routers and devices implementing this new protocol, which means we should have WPA3-enabled devices on the market soon.

A KRACK In Wi-Fi Security

Last year, a Belgian researcher disclosed a serious flaw in the WPA2 security protocol, which allowed attackers to use key reinstallation attacks (KRACKs) to change or reset users’ Wi-Fi encryption keys. Once the attackers could do that, they would be able to read all of a device’s internet traffic in plaintext.

The flaw that allowed these attacks wasn’t in the software implementation of the WPA2 protocol, which is usually what happens with most other similar bugs, but in the WPA2 protocol design itself. Because it was a protocol flaw, it affected all Wi-Fi devices, regardless of what operating system they were running.

The KRACK exploit is what prompted the Wi-Fi Alliance to rush to announce a new security protocol only months after KRACK was first revealed (plus several other months during which the researcher had privately disclosed the bug to the consortium). WPA3 aims to replace the 14-year-old WPA2 protocol.

WPA3 Enhancements

The WPA3 protocol arrives with four main enhancements. Two of them will make password-based authentication more resilient to bruteforce attacks, even when users choose simple passwords for their routers.

Another will offer improved protection to users of open networks through individualized encryption. In other words, you should be more secure when accessing WPA3-enabled airport routers in the future. The fourth feature is a 192-bit security suite for enterprise-level users.

The consortium also introduced the Wi-Fi CERTIFIED Easy Connect program to reduce the complexity of on-boarding new IoT devices, which lack an interface, to a network. Smartphones will also be able to securely connect to a new network in the same way by scanning a QR code.

This thread is closed for comments
    Your comment
  • bit_user
    Some questions I think most people will have:

    1. Does this (always) require a hardware upgrade of routers?

    2. What about client devices?

    3. What happens to WPA2 devices on a WPA3 router?
  • bit_user
    An answer to #1 (and partial answer to #2):

    This issue can be resolved through straightforward software updates, and the Wi-Fi industry, including major platform providers, has already started deploying patches to Wi-Fi users. Users can expect all their Wi-Fi devices, whether patched or unpatched, to continue working well together.

  • toadhammer
    4. When can I get it?

    Answer: No time soon. It's just a standard and no products exist yet.

    5. Will my [old thing] support this?

    Answer: Not nearly enough of them, no. Manufacturers won't respin the firmware on older stuff. But hopefully one of the open-source projects will (like openwrt), but that will likely be quite a while after new products exist.