In late June 2018, the Wi-Fi Alliance announced the most significant update to the Wi-Fi Protected Access standard in 14 years: WPA3. The Wi-Fi Protected Access 3 protocol brings significant security updates to the ubiquitous but aging WPA2 protocol, which was first introduced back in 2004.

WPA3 will operate in two distinct modes consistent with WPA2 before it: WPA3-Personal and WPA3-Enterprise.

Most significant points of Wi-Fi Protected Access 3:

  • Increased protection against brute-force attacks: WPA3 introduces a new handshake method that, according to the Wi-Fi Alliance, "delivers robust protections even when users choose passwords that fall short of the typical complexity recommendations." This provides increased protection against brute-force password-guessing attacks even if the network uses a weak password.
  • Increased privacy on public Wi-Fi networks: WPA3 will introduce "individualized data encryption" on public open Wi-Fi networks. This means that even though a wireless network might not have a password, all communication between your device and the wireless access point will be encrypted. This results in more sophisticated end-user security on public free wireless networks even when visiting insecure HTTP websites.
  • Increased cryptographic strength: WPA3-Enterprise will increase the cryptographic suite to 192-bit security, which is aligned with the Commercial National Security Algorithm Suite (CNSA). This is fantastic news for organizations transmitting sensitive data across wireless networks.
  • Easier authentication for IoT devices: With the proliferation of Internet of Things (IoT) devices both at home and in enterprise environments, WPA3 aims to alleviate a common issue. The new protocol will include a feature that promises to simplify the authentication and connection process for IoT devices that don't have displays (think light bulbs, outlets, sensors, etc.). While exact details are not known at this time, according to the Wi-Fi Alliance, the authentication process will integrate with a "device with a more robust interface, such as a smartphone" and utilize QR codes.

So, what does this mean for you?

The transition to widespread adoption of the new WPA3 protocol is likely going to take a few years. As manufacturers begin to introduce devices which support WPA3 networks, there will be some interoperability issues that you will want to take note of.

While new devices which support WPA3 will still be able to connect to WPA2 networks, the inverse will not be true. Devices which do not support the WPA3 protocol (which includes most wireless devices currently in existence) will not be able to connect to WPA3 networks. Theoretically, it may be possible for manufacturers to update device firmware to implement WPA3 support on existing devices, but that appears to be unlikely. Most manufacturers are likely to focus instead on implementing WPA3 support in new hardware releases moving forward.

So, before you go out and buy the first WPA3-capable wireless router that hits the market, understand that most devices currently on your network are not likely to be able to take advantage of its fancy new WPA3 security.

Endpoint devices will need to be upgraded to models which support WPA3 prior to switching over your network to WPA3. This way, new devices will still be able to connect to your existing WPA2 network and when the time comes to flip the switch over to WPA3, they will support that too.

Adoption of WPA3 will take some time and there may be a few bumps in the road along the way, as with any major protocol update. However, WPA3 is a welcome update to WPA2 which our security landscape stands to benefit from for years to come.