- The Wi-Fi Alliance announced the next-generation WPA3 security protocol
- The new protocol includes several improvements, especially for open WiFi networks
- WPA3-certified devices are expected to ship later this year
The WPA2 security protocol for Wi-Fi has been with us for almost 20 years. The Wi-Fi Alliance thinks that’s long enough. The Alliance, the network of companies like Apple, Microsoft, Qualcomm, and more, that brought WiFi to the world, announced its next-generation WPA3 security protocol Monday.
Unlike previous incarnations, WPA3 finally secures open WiFi networks by using individualized data encryption. This means the connection between your device on the network and the router is scrambled to ensure websites you visit aren’t tampered with.
Security researcher Mathy Vanhoef believes that could refer to Opportunistic Wireless Encryption, or encryption without authentication, though we are not completely sure if that is what the Wi-Fi Alliance is using.
Also notable is WPA3’s newer kind of handshake. WPA2 uses a four-way handshake to allow devices with pre-shared passwords to join a network. The new handshake, Vanhoef told ZDNet, “will not be vulnerable to dictionary attacks.”
For context, a dictionary attack is an attempted illegal entry to a computer system using a dictionary headword list to guess passwords.
WPA3 also blocks attackers once they make too many incorrect password guesses and implements a 192-bit security suite aligned with the Commercial National Security Algorithm (CNSA) Suite. This gives greater protection for government, defense, and industrial networks, which have higher security requirements than other networks.
Even if your password is relatively weak, WPA3 includes “robust protection” and simplifies security configurations for devices with either have very small displays or no displays at all.
Even with all of the improvements, WPA2 isn’t going away just yet — even with the recent KRACK exploit, which basically puts all modern networks using WPA or WPA2 at risk. Last October, it was reported that 41 percent of Android devices were vulnerable to the exploit, and even though Google pushed out security patches to address it, they have not made it to other affected devices.
It is unlikely current devices will be updated to support WPA3, though devices using the protocol are expected to ship later this year.