In June, the Wi-Fi Alliance released the latest version of the Wi-Fi Protected Access (WPA) protocol. WPA3, first announced in January by the Wi-Fi Alliance, was developed to mitigate the risks of open Wi-Fi networks and build on the existing WPA2 standard that has been in use in Wi-Fi devices since its introduction in 2004.
WPA2 has been mandatory in all Wi-Fi Alliance-certified devices since 2006. Over the years, many severe vulnerabilities have been discovered in the protocol, such as the KRACK vulnerability found last year, leaving vendors scrambling to resolve the issues for as many consumers and organisations as possible before serious breaches start occurring.
What does WPA3 offer for your organisation’s Wi-Fi security?
WPA3 introduces new security features to enhance the security of open Wi-Fi networks, which are becoming increasingly popular in public areas. By default, traffic is unencrypted in open WPA2 networks, so it can be snooped quite easily. Currently, one of the few solutions to this problem is to use a VPN when connected to open Wi-Fi networks. With the rise of open guest networks in organisations, traffic is open to interception, even if a captive portal is used. In WPA3, all traffic on open networks is individually encrypted, finally fixing the long-known security issue in public hotspot networks.
Devices without displays will also be able to connect to WPA3 networks with ease. Using a feature called Easy Connect, if both the device and the router or access point support it, a user can scan a QR code on their phone and have the Wi-Fi credentials sent to the device. IoT devices such as smart outlets and lights or “smart home” devices will benefit from this feature. Currently, connecting to the device with a smartphone app is the only way to connect display-less devices to Wi-Fi networks, which is often a cumbersome experience.
WPA3 also protects against brute-force attacks, even if the network has been configured with a weak passphrase. A newly defined “handshake” and encryption negotiation will help reduce the risk of successful brute-force attacks on Wi-Fi networks.
What will WPA3 devices cost and when will they be available? Can I update my existing devices?
WPA3 certification covers software as well as hardware. Some newer Wi-Fi access points and devices will be able to upgrade to the new WPA3 protocol simply through a software or firmware update, though many devices, especially older devices, will have to be replaced.
If your organisation wishes to introduce a BYOD system for users, WPA3 is highly recommended to ensure that Wi-Fi security is kept to the highest standard. Widespread adoption of WPA3 will take some time, but being prepared to support the first WPA3 devices would be very beneficial.
WPA3 devices can be expected to cost about the same as, or slightly more than, WPA2 devices, and are said to start rolling out in the coming months.