Security Technology Explained

Everything You Need to Know About WPA3 and Wi-Fi Security

Gavin Phillips 12-02-2018

The Wi-Fi Alliance is almost ready to deliver WPA3 to consumers and service providers. The new standard of Wi-Fi security will build upon the aging WPA2 standard, ushering in a new period of Wi-Fi security.


What does WPA3 improve? Will your router use it? And when will WPA3 become available? Let’s take a look.

What Is WPA?

WPA stands for Wi-Fi Protected Access. Your home network likely uses WPA2, the second iteration and more preferred of the WPA standard. Why? Because it’s the strongest protection available — or at least, it was.

Unfortunately, WPA2 was compromised using a key installation attack (or KRACK, for short). However, even with KRACK in play, WPA2 is still vastly more secure Your Wi-Fi Connection Isn't As Secure As You Think The WPA2 encryption security protocol that protects your Wi-Fi connection has a flaw. This is a potentially catastrophic vulnerability that could adversely affect almost anyone connected to the internet. Read More than its essentially defunct predecessor, WPA, and before that, WEP.

WPA2 governs what happens when you connect to a closed Wi-Fi network. Essentially, WPA2 uses strong encryption to keep your password and all further communication secure from anyone that wants to snoop. In fact, as of March 2006, devices displaying a Wi-Fi trademark must be WPA2 compliant.

WPA2 also introduced secure four-way handshake between the access point and potential client. Without delving too deep, this four-way handshake allows each device to confirm their password and encryption key without ever actually disclosing the key. The introduction of strong encryption to the WPA standard did cause a slight decrease in network performance, but one that is entirely negligible in comparison to the security boost.


How Is WPA3 Different?

WPA3 is the newest standard. It introduces four key components not found in WPA2. Like WPA2, unless manufacturers feature the following four components, their devices cannot be marketed as “Wi-Fi CERTIFIED™ WPA3™”.

1. Brute Force Protection

Let’s think about handshakes again. The handshake ensures the correct passwords are in use between each client as well as defining the type of encryption used to secure the connection. The KRACK exploit exposed underlying vulnerabilities You're at Risk From a KRACK Attack: Everything You Need to Know An exploit called "KRACK" (Key Reinstallation Attack) is making headlines. But what exactly is a KRACK attack? Can it be fixed? And what can you do about it? Let's take a look. Read More in the WPA2 handshake procedure.

WPA3 defines a new handshake that “will deliver robust protections even when users choose passwords that fall short of typical complexity recommendations.” This is particularly useful for those with weak passwords. The WPA3 standard will protect against brute-force dictionary attacks What Are Brute Force Attacks and How Can You Protect Yourself? Yyou've probably heard the phrase "brute force attack." But what, exactly, does that mean? How does it work? And how can you protect yourself against it? Here's what you need to know. Read More (attacks that attempt to guess passwords over and over again).

2. Public Network Privacy

By now, most internet users understand that public Wi-Fi connections are a potential liability 7 Secure Strategies to Use Public Wi-Fi Safely on Phones Is that public Wi-Fi network you just connected to safe? Before you sip your latte, and read Facebook, consider these simple secure strategies to using public Wi-Fi safely on your phone. Read More . They’re always less secure than your home connection 5 Ways Hackers Can Use Public Wi-Fi to Steal Your Identity You might love using public Wi-Fi -- but so do hackers. Here are five ways cybercriminals can access your private data and steal your identity, while you're enjoying a latte and a bagel. Read More due to the inherent security limitations of existing wireless security How Easy Is It to Crack a Wi-Fi Network? Wi-Fi security is important. You don't want intruders piggybacking on your precious bandwidth -- or worse. There a few misconceptions regarding Wi-Fi security, and we're here to dispel them. Read More — and that the vast majority of bookshop owners aren’t also network security buffs.


New WPA3 standards promise to “strengthen user privacy in open networks through individualized data encryption.” In theory, this means every time you connect to a public wireless access point your traffic will be encrypted whether you enter a password or not. This is a major step forward for public Wi-Fi security.

3. Securing the Internet of Things

The new WPA3 standard will introduce some well needed additional security for internet of Things devices Why The Internet of Things Is The Biggest Security Nightmare One day, you arrive home from work to discover that your cloud-enabled home security system has been breached. How could this happen? With Internet of Things (IoT), you could find out the hard way. Read More . It is a welcome move as more IoT devices come online without adequate security features.

A major IoT security issue is the lack of changeable passwords. Typing a new password on a toaster or blender is surprisingly difficult because your hands get burnt. I jest. It is because they don’t have a graphical user interface to interact with, making the change to a more secure password all-but impossible.

Naturally, having thousands of devices online all using a single password is causing an issue or two. For instance, the powerful Mirai botnet harnessed poorly protected IoT devices What Is a Botnet and Is Your Computer Part of One? Botnets are a major source of malware, ransomware, spam, and more. But what is a botnet? How do they come into existence? Who controls them? And how can we stop them? Read More in its massive DDoS attacks What Exactly is a DDoS Attack and How Does it Happen? Do you know what a DDoS attack does? Personally, I had no idea until I read this infographic. Read More . The number one credential used to compromise devices? A username and password combination of “Admin; Admin”, of course.


There are few details as to how WPA3 will directly enhance IoT device security, but security researchers from the University of Southampton, UK, successfully updated IoT device security by configuring them with a smartphone.

4. Stronger Encryption

WPA3 introduces 192-bit encryption and alignment “with the Commercial National Security Algorithm Suite from the Committee on National Security Systems.” While this might not be a “wow” feature, it certainly provides a significant boost to consumer security.

When Can I Use WPA3?

All of these security updates sound good, right? Luckily, the Wi-Fi Alliance think devices with WPA3 support are nearly here. They should begin to hit the market towards the end of 2018. However, as previously mentioned, the new devices must support the new features or else they will not receive the new WPA3 trademark.

Backwards Compatibility

If you were thinking of buying a new router, it is probably best to do so. WPA3 will likely appear in the latter stages of 2018, but there is a chance that the vast majority of devices simply won’t receive updates in time. Smartphones, laptops, tablets and more all need security patches or updates to make sure devices can use WPA3. You might not use a WPA3 router with your devices for quite some time after the standard actually goes live.


When it comes, it’ll be worth upgrading or changing your router. But, up to this time, the Wi-Fi Alliance hasn’t announced anything about legacy device support. Device manufacturers could create new firmware that adds WPA3 support to older devices. This would require manufacturers to apply for and receive updated certification for old devices, covering a huge time frame, too.

One criticism leveled at the Wi-Fi Alliance is the behind-doors development approach. The implementation of WPA3 is going to secure our Wi-Fi connections for at least the next decade. A transparent, consistently reviewed project might have become a more robust option than the current new specification. That said, WPA2 ageing, and a new standard was well overdue.

Will you buy a new WPA3 compatible router? Or should manufacturers update old hardware for the new standard? Let us know your thoughts below!

Related topics: Encryption, Wireless Security.

Affiliate Disclosure: By buying the products we recommend, you help keep the site alive. Read more.

Whatsapp Pinterest

Leave a Reply

Your email address will not be published. Required fields are marked *

  1. jac viers
    June 18, 2019 at 11:57 pm

    And, after WPA3 will come WPA4, which will aver WPA3 has flaws. LOL What we have here in the USA is a Plaque of Experts with no limits to stupidity.

  2. Steve
    February 23, 2018 at 2:58 am

    I paid a lot of money for my current router. I hope I will be able to update it until I am ready to buy a new one.