Stronger wireless security is headed to homes and businesses. That's because the Wi-Fi Alliance this week formally introduced Wi-Fi Certified WPA3, the next generation of Wi-Fi security, with new capabilities to bolster personal and enterprise wireless networks. The new standard builds upon and ultimately replaces WPA2, which has seen widespread adoption over the past 10 years, and enables more robust authentication.
No small upgrade, WPA3 delivers increased cryptography strength for highly sensitive data markets. There are two modes, WPA3-Personal and WPA3-Enterprise, both of which use the latest security methods and disallow outdated legacy protocols. Both also require the use of Protected Management Frames (PMF). The primary difference between the two comes down to the type of authentication used.
For home networks, WPA3-Personal leverages Simultaneous Authentication of Equals (SAE) in place of WPA2-Personal's Pre-Shared Key (PSK) algorithm. This offers users stronger protection against password guessing attempts and offline dictionary attacks. In workplace environments, WPA3-Enterprise uses a tougher set of security protocols that offer the equivalent of 192-bit encryption. It's designed to protect networks that transmit sensitive data, such as those in government and finance. Specifically, it includes the following:
- Authenticated encryption: 256-bit Galois/Counter Mode Protocol (GCMP-256)
- Key derivation and confirmation: 384-bit Hashed Message Authentication Mode (HMAC) with Secure Hash Algorithm (HMAC-SHA384)
- Key establishment and authentication: Elliptic Curve Diffie-Hellman (ECDH) exchange and Elliptic Curve Digital Signature Algorithm (ECDSA) using a 384-bit elliptic curve
- Robust management frame protection: 256-bit Broadcast/Multicast Integrity Protocol Galois Message Authentication Code (BIP-GMAC-256)
"WPA3 takes the lead in providing the industry’s strongest protections in the ever-changing security landscape," said Edgar Figueroa, President and CEO, Wi-Fi Alliance. "WPA3 continues the evolution of Wi-Fi security and maintains the brand promise of Wi-Fi Protected Access."
One of the biggest benefits to home users is that the added security doesn't rely on overly complex passwords. Wi-Fi Alliance says WPA3-Personal allows users to choose passwords that are easier to remember, and will protect data traffic even if a password is compromised after the data was transmitted.
For the time being, WPA3 will work with WPA2 devices as the industry transitions to the stronger protocol. Eventually, however, the plan is to cut ties with WPA2 completely.
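The requirements described above (PMF required, SAE instead of PSK, the 192-bit enterprise suite, and mixed WPA2/WPA3 operation during the transition) can be turned into a simple configuration audit. The following is an added example, not code from the Wi-Fi Alliance or any vendor; the profile field names, the `EAP-192` label, the sample profiles and the choice of WEP/TKIP as the "legacy protocols" are assumptions made for illustration.

```python
# Added example: audit access point profiles against the WPA3 rules in the article.
# Field names and the "EAP-192" AKM label are hypothetical, not a real tool's schema.
LEGACY_CIPHERS = {"WEP", "TKIP"}  # assumption: the legacy protocols WPA3 disallows

# The WPA3-Enterprise 192-bit suite as listed in the article.
ENTERPRISE_192 = {"pairwise": "GCMP-256", "kdf": "HMAC-SHA384",
                  "curve_bits": 384, "group_mgmt": "BIP-GMAC-256"}

def classify(akm):
    """Map the advertised authentication methods to a security mode."""
    akm = set(akm)
    if {"SAE", "PSK"} <= akm:
        return "transition"          # WPA3 AP still serving WPA2 clients
    if "SAE" in akm:
        return "WPA3-Personal"
    if "PSK" in akm:
        return "WPA2-Personal"
    if "EAP-192" in akm:
        return "WPA3-Enterprise"
    return "unknown"

def audit(profile):
    """Return (mode, findings); an empty findings list means the profile passes."""
    mode, findings = classify(profile["akm"]), []
    if LEGACY_CIPHERS & {profile.get("pairwise"), profile.get("group")}:
        findings.append("legacy cipher offered")
    if mode in ("WPA2-Personal", "transition"):
        findings.append("PSK accepted: offline dictionary attack possible")
    if mode.startswith("WPA3") and profile.get("pmf") != "required":
        findings.append("PMF not required")
    if mode == "WPA3-Enterprise":
        for key, want in ENTERPRISE_192.items():
            if profile.get(key) != want:
                findings.append(f"{key} is {profile.get(key)!r}, expected {want!r}")
    return mode, findings

# Constructed sample profiles (not captured from real networks).
SAMPLES = {
    "home_old": {"akm": ["PSK"], "pairwise": "CCMP-128", "group": "TKIP", "pmf": "disabled"},
    "home_mixed": {"akm": ["PSK", "SAE"], "pairwise": "CCMP-128", "group": "CCMP-128", "pmf": "optional"},
    "home_new": {"akm": ["SAE"], "pairwise": "CCMP-128", "group": "CCMP-128", "pmf": "required"},
    "office": {"akm": ["EAP-192"], "pairwise": "GCMP-256", "group": "GCMP-256", "pmf": "required",
               "kdf": "HMAC-SHA256", "curve_bits": 384, "group_mgmt": "BIP-GMAC-256"},
}

if __name__ == "__main__":
    for name, profile in SAMPLES.items():
        print(name, *audit(profile))
```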