There is a new version of the main security protocol for Wi-Fi networks, and it comes with the promise of better security for passwords and a separate, stronger level of security for enterprise networks.
WPA3 is the latest iteration of the Wi-Fi Protected Access standard, a security protocol maintained by the Wi-Fi Alliance, and it represents the first major change since WPA2 was released in 2004. The base protocol has been around since 2003 and was intended as a kind of stop-gap after serious weaknesses were discovered in WEP (Wired Equivalent Privacy), the initial security protocol for wireless networks. WPA3 includes two separate modes: WPA3-Personal and WPA3-Enterprise.
The biggest change in the WPA3-Personal is the addition of Simultaneous Authentication of Equals (SAE), a protocol for key establishment between devices. SAE allows devices to authenticate to each other using only a password and doesn’t require a certificate. This mode also supports forward secrecy, a feature that ensures data that was encrypted and sent in the past will remain secure even if the password used to secure it is compromised.
WPA3-Enterprise is designed for use in large networks that require a higher level of security, and it supports the use of a number of different cryptographic tools. Both modes are interoperable with WPA2 devices. Device manufacturers likely will begin rolling out products that support WPA3 in the near future.
It’s been nearly 14 years since the last major update of WPA.
“WPA3 and Wi-Fi Enhanced Open provide a comprehensive security offering without added complexity. With WPA3, users will receive better experiences with passwords that are easier to remember and manage, and IT will be able to ensure consistent and strong cryptography throughout their infrastructure. Aruba has already begun to incorporate and certify WPA3 for future designs to ensure the most advanced protection for our customer’s data,” said Dan Harkins, distinguished technologist at Aruba, a part of Hewlett Packard.
It’s been nearly 14 years since the last major update of WPA, which is about infinity years in Internet time. Here are some things that were true when WPA2 was introduced in September 2004:
- Lance Armstrong was un-disgraced
- Flash mobs were a thing
- George W. Bush was still in his first term as president
- Facebook was seven months old, and still just for college students
- The Motorola Razr was the height of mobile technology
- Triple DES was still in use
- No one could agree on how to style Wi-Fi (this is still true)
- Roger Federer was the best tennis player in the world (this is probably still true)