WPA2, WEP, and Friends: What’s the Best Way to Encrypt Your Wi-Fi?
Whatsapp Pinterest

When setting up wireless encryption and changing your router’s Wi-Fi password, you’ll come across a variety of confusing terms — WPA2, WPA, WEP, WPA-Personal, and WPA-Enterprise. Understanding what these terms mean and how they’re different will help you protect your Wi-Fi network from eavesdroppers, Wi-Fi leeches, and criminals How to Check If Someone Is Stealing Your WiFi & What You Can Do About It How to Check If Someone Is Stealing Your WiFi & What You Can Do About It Read More .

We’ll also look at which Wi-Fi encryption standard is the truly secure way to encrypt your Wi-Fi. This is a tough question without a one-size-fits-all answer.


WEP is the oldest, least secure way to encrypt your Wi-Fi What Is WEP Wi-Fi Encryption & Why Is It Really Insecure? What Is WEP Wi-Fi Encryption & Why Is It Really Insecure? If you've set up a wireless network before, you've probably read or been told to use WPA2 instead of WEP, because WEP is bad. Why is that? And what is WEP anyway? Good questions. WEP... Read More — short of leaving it unencrypted! Its name stands for “Wired Equivalent Privacy,” which is humorous now that so many flaws have been discovered in it.

It’s very easy to crack a WEP password How Easy Is It to Crack a Wi-Fi Network? How Easy Is It to Crack a Wi-Fi Network? Wi-Fi security is important. You don't want intruders piggybacking on your precious bandwidth -- or worse. There a few misconceptions regarding Wi-Fi security, and we're here to dispel them. Read More and gain access to a WEP-secured network. WEP will only stop the most casual of Wi-Fi users from connecting to your network. Anyone who really wants access to your network can easily gain access if you’re using WEP.

There’s no reason to use WEP. If you have an ancient router that only supports WEP, you should upgrade it right now. If you have an older device that only supports WEP, you should upgrade it, too. Every recent device should support stronger WPA encryption.

WPA vs. WPA2

WPA is the newer Wi-Fi security standard. WPA stands for “Wi-Fi Protected Access.” There are two versions of WPA — WPA and WPA2. WPA was implemented first as a temporary solution for devices that originally only supported WEP. These devices could be upgraded to WPA encryption for additional security, allowing them to escape WEP and its many flaws. The original WPA was always a stop-gap solution and just isn’t as secure as WPA2.

WPA2 is the final version of Wi-Fi Protected Access. It’s the most secure option available and the one you should be using. If you have a router or another device that only supports WEP and WPA, it’s probably very old and you should upgrade. New devices that are properly set up for security should be using WPA2 out of the box. Note that there are two versions of WPA2 you can choose from, which we’ll cover below.

The Wi-Fi Protected Setup — or WPS — method of connecting to WPA-secured wireless networks is fairly insecure, however. You shouldn’t be using WPS even if you’re using WPA2.


WPA2-Personal or WPA2-PSK

The PSK in WPA2-PSK stands for Pre-Shared Key. This is also known as Personal mode. It’s intended for homes and small office networks, as it’s a much easier option to set up than the alternative, which we’ll look at below.

Your wireless router encrypts network traffic with a key. With WPA-Personal, this key is calculated from the Wi-Fi passphrase you set up on your router. Before a device can connect to the network and understand the encryption, you must enter your passphrase on it.

The primary real-world weaknesses with WPA2-Personal encryption are weak passphrases. Just as many people use weak passwords like “password” and “letmein” for their online accounts, many people will likely use weak passphrases to secure their wireless networks. A strong passphrase 7 Ways To Make Up Passwords That Are Both Secure & Memorable 7 Ways To Make Up Passwords That Are Both Secure & Memorable Having a different password for each service is a must in today's online world, but there's a terrible weakness to randomly generated passwords: it's impossible to remember them all. But how can you possibly remember... Read More should be used to properly secure the network or WPA2 won’t protect you much.

WPA2 is still fairly secure, but it’s not perfect. Some potential vulnerabilities have been found, but they’re nowhere near as easy to exploit as they are with WEP. Your main concern should be enabling WPA2-Personal on your home network and setting a strong passphrase.


WPA2-Enterprise or WPA2-802.1X

WPA2-Enterprise is also referred to as WPA2-802.1X mode because of the standard it implements. The Enterprise in the name is no joke — this is a solution that’s intended for enterprise networks as it requires more hardware and is more difficult to set up and maintain.

To use WPA2-Enterprise, you’ll need a RADIUS authentication server. RADIUS stands for Remote Authentication Dial In User Service. To authenticate with such a server, a variety of EAP — Extensible Authentication Protocols — can be used. After connecting to the Wi-Fi network, each client would have to log in with a username and password. Traffic to each client would be encrypted with a unique encryption key which isn’t derived from a pre-shared key. This is more secure than simply deriving a key from the same pre-shared key on each device. This also allows network administrators to monitor who’s connecting to the network and revoke access to specific users at any time without affecting other users.

Large businesses should implement WPA2-Enterprise for additional security, but there’s no reason home users and small businesses should set up WPA2-Enterprise. It’s much more complicated to set up and manage a RADIUS authentication server than it is to simply set a wireless passphrase on your router.


So Which Is Truly Secure?

The most secure way to set up a Wi-Fi network is with WPA2-Enterprise, so if you run a Wi-Fi network for a large business, you should be setting up a RADIUS authentication server.

Of course, you probably only have a small Wi-Fi network to manage. For regular people and small businesses, WPA2-Personal is the ideal encryption option to use. WPA2-Personal along with a strong passphrase will provide you with very good security.

WEP is very easy to crack and should not be used for any purpose.

But is WPA2 really good enough? Well, security isn’t about absolutes. Saying WPA2-Enterprise is more secure than WPA2-Personal is like saying a bank vault door is more secure than the door on your house or apartment. It’s true, but that doesn’t mean you should replace your front door with a bank vault door — it’s more expensive and difficult to manage, just like a RADIUS authentication server. For another thing, the bank needs protection from bank robbers, just as Wi-Fi networks at large corporations need more protection from corporate espionage and criminals targeting high-end targets.

In the real world, WPA2-Personal with a strong passphrase is plenty secure.

Image Credit: Keith Williamson on Flickr

Explore more about: Ethernet, LAN, Wi-Fi, Wi-Fi Hotspot.

Enjoyed this article? Stay informed by joining our newsletter!

Enter your Email

Leave a Reply

Your email address will not be published. Required fields are marked *

  1. ssk
    March 15, 2014 at 12:34 am

    Excellent article, very well written - simple English without too many technical terms, well explained and up to the point.

  2. Brenda
    December 4, 2013 at 1:33 pm


  3. manmeet singh
    December 2, 2013 at 12:28 pm

    Well m already on wpa2 security on my wifi router!
    ;) thanx for the article .

  4. Brandon R
    November 25, 2013 at 12:45 am

    Great article I always tought WPS was secure guess I'll have a read on that article next.

  5. Said Bakr
    November 21, 2013 at 9:14 pm

    I wonder, is there any router contain a built in RADIUS server?!

  6. dragonmouth
    November 21, 2013 at 9:07 pm

    Use MAC filtering to exclude all MAC addresses except the ones you know. You should use any method that makes it more difficult for hackers or war drivers to access your network. Having said that, you need to understand that MAC filtering will not deter for long anyone really intent on breaking into your network.

    WEP is pronounced "weep" because that is what you do after your WiFi is compromised.

  7. Ancrypt
    November 21, 2013 at 3:53 pm

    Sir, How would you suggest MAC address filtering with all above mentioned options for personal use

  8. Paul
    November 21, 2013 at 9:16 am

    good point about WPS as it makes your router hackable...not a lot of people know that! - always disable WPS

  9. givesuccess
    November 21, 2013 at 6:12 am

    Even passphrases can eventually be found if you were to try every combo of keys but it would take a very lomg time but not impossible. Wep is a joke! I was able to get past my own routers wep key in under 1 min! I think WEp will be phased out in a few years so it will be harder for some people to get free wifi!

  10. Tom S
    November 21, 2013 at 1:44 am

    This is great information to know. Easy to understand for anyone. I will definitely check my settings!