Best answer: WPA3 is the third generation of the Wi-Fi Protected Access protocol. It was developed to address inherent security flaws in WPA2 and better secure Internet of Things devices.
- WPA3 ready mesh Wi-Fi: Google Nest Wifi router and point ($269 at Best Buy)
What is WPA?
WPA stands for Wi-Fi Protected Access, and is a security certificate program created by the Wi-Fi Alliance to secure wireless networks like the one in your house. Think of WPA as a set of rules designed to protect your Wi-Fi router, all the things that use it to connect to that router, and all the traffic that’s sent through those devices. Two devices don’t need to know any “secret” details of the other because a middle layer can communicate with each.
If you have a password on your Wi-Fi at home, you’re probably using WPA to secure the network. If you’re using WPA, your router login is protected by a passphrase and the data you send to it and receive from it are encrypted. WPA is the service that looks at what you used as the password on your phone or laptop when you tried to log into a Wi-Fi router, compares it to the password the router requires, and if they match it connects you and handles data decryption. Security in layers like this (the password you use is also not really the password and only generates a token that the router can check for validity) means no important information is sent in plain text. In this case, that important information would be your Wi-Fi network password.
Almost every one of us is using WPA on Wi-Fi at home or in public right now. WPA2 is the current standard. It came about in 2004 and was a big improvement over what we used prior, but like all things, it’s beginning to show its age. WPA3 addresses most of the areas where WPA2 needs to be updated.
Secure, robust and neccessary
WPA3 was officially released in June 2018, but like all things tech-related, it’s still a work in progress.
Designed as a successor to WPA2, the third version has three major goals: increase crytographic strength, be more simple to use and deploy, and be a robust solution for Internet of Things (IoT) devices.
You see, WPA2 has a big problem — a built-in flaw that allows a hacker to join your wireless network as an authorized user with full rights, the same as if you were signed in. While most flaws of this nature can be traced to bad configurations or improper setup, this time it is an actual flaw in the certification standard itself and is unpatchable.
Since over 400 million wireless networks were at risk, WPA3 was fast-tracked for release. Since it’s still new your router probably isn’t ready to use WPA3 and neither are the devices you’re going to connect to it. For now and the foreseeable future, the WPA2 standard is still required to be usable on all Wi-Fi certified devices like Google’s Nest Wifi.
Changes in WPA3
There are some pretty sizable changes coming with WPA3, and they all are the good kind of changes. We love it when that happens!
- Your password will be a lot harder to crack. With WPA2 someone can grab data you send and receive from a Wi-Fi network then try to decrypt it by using a brute-force attack (guessing over and over and over until they get it right) on your password. With WPA3 every password guess will need to be authenticated live, in real time, by the router you’re trying to connect with.
- Connecting IoT (Internet of Things) devices will be easier than ever. Ever try to set up a device without a screen? It usually involves using your phone with a direct connection, then interacting through the phone with the thing you’re trying to get connected, and finally entering the network details so they are written to whatever it is you want to be connected to your Wi-Fi. WPA3 has what’s called “Wi-Fi Easy Connect” that will let you do it by scanning a QR code with a phone on the same network. It’s like Wi-Fi Protected Setup but without all the security vulnerabilities and it will actually work.
- Data captured without knowing your password is useless even if someone gets that password later. Forward secrecy is a new feature that means data collected and saved isn’t able to be decrypted later. This makes saving data from a connection an attacker can’t hijack is useless. Attackers won’t be bothered to save useless things.
- Public hotspots will be a lot more secure. WPA3 means even open connections will encrypt data between you and the access point. This is huge. Right now, with WPA2, if you go somewhere with an open Wi-Fi access point (one where you don’t need a password) the data between you and the access point isn’t encrypted. This is how someone can see what you post on Facebook (as well as your name and password when you sign in) if you’re using Wi-Fi at McDonald’s. You won’t believe how incredibly easy it is to do, which is why it desperately needed some sort of fix. Encrypting that traffic is the best fix anyone could have asked for.
- Stronger encryption for Enterprise-grade Wi-Fi. WPA3 Personal mode will use 128-bit encryption by default. WPA3 Enterprise mode will use 192-bit encryption by default and PSK (the Pre-Shared Key system) is replaced with SAE (Simultaneous Authentication of Equals). If you don’t know what any of that means don’t feel bad about it, most people who aren’t Enterprise IT Professionals don’t because they have no need.
- A Pre-Shared Key system is where two things use the same credentials to connect with each other (like a password). Those credentials had to have been shared with two or more people/things manually before you tried to use them to authenticate.
- Simultaneous Authentication of Equals is a system where a pre-shared key and the MAC addresses of both things that want to connect are used to authenticate based on the calculation of finite cyclic groups. That’s a big math nerd thing about calculations that even normal math nerds don’t understand.
Will my phone be updated to work with WPA3?
Doubtful. Phones are what’s called a power-restrained device. That means everything they can do is limited by (and must be built to optimize for) a small rechargeable battery. The chips inside your phone that handle things like encryption algorithms and Wi-Fi encoding/decoding are only as powerful as they need to be right now. WPA3 will beef up the encryption level to 128-bit minimum, which will mean it needs more processing power to calculate in real-time. In other words, even your super-fast phone won’t be fast enough to do it.
Luckily, that’s OK. While we all want better security for our phones and know that WPA3 provides it, WPA2 will be supported and updated as needed by the Wi-Fi Alliance for a long time. It also means that a router or access point that is WPA3 capable will also be WPA2 compatible for a long time.
When can I buy a router with WPA3?
Remember the next time you buy a new wireless router you can look for WPA3 compliance, but you don’t have to panic if you don’t find it since there have been no documented cases of WPA2 being exploited just yet. Like any new standard we’ll see relatively quick adoption by the names you know when it comes to routers and smart devices.
Nest Wifi is one router that supports the new standard, and since it is backwards compatible with existing Google Wifi units, they too will be updated to use the new standard. Other routers from other manufacturers with WPA3 support are also on the way, and soon enough it will simply become standard on every router you can buy.
Whole-house Wi-Fi
Google Nest Wifi router and point
$269 at Best Buy
A mesh system with a smart speaker
Google Nest Wifi with a router and point brings fast a flexible mesh Wi-Fi with room for more expansion and a smart speaker on every point — and it’s WPA3 ready.
