Fotolia

New WPA3 security protocol simplifies logins, secures IoT

Latest WPA3 security protocol update adds new features to the Wi-Fi access specification for simple and secure wireless access for individuals, as well as enterprises.

Securing Wi-Fi access has long been an Achilles' heel for users of wireless networks -- especially for users of public networks, as well as for internet of things devices -- but help is on the way.

Wi-Fi Alliance, the nonprofit industry group that promotes use of Wi-Fi, has begun certifying products supporting the latest version of its security protocol, the Wi-Fi Protected Access (WPA) specification, WPA3.

The new WPA3 security protocol is intended to simplify wireless authentication, especially for IoT devices, while at the same time improving security through the inclusion of new features and removal of legacy cryptographic and security protocols.

The WPA3 security protocol, announced in January, gives enterprises and individuals a better option for securing access to Wi-Fi networks. Support for WPA2 continues to be mandatory for all products in the Wi-Fi Alliance's "Wi-Fi Certified" program, but the new WPA3 security protocol adds new capabilities for improved security, including stronger encryption and a more secure handshake.

In its press release, Wi-Fi Alliance wrote that the WPA3 security protocol "adds new features to simplify Wi-Fi security, enable more robust authentication, and deliver increased cryptographic strength for highly sensitive data markets."

The new specification defines both an enterprise option, WPA3-Enterprise, which offers enterprises the "equivalent of 192-bit cryptographic strength," to protect networks that transmit sensitive data; and an individual option, WPA3-Personal, which offers password-based authentication that can be more resilient against attacks even when "users choose passwords that fall short of typical complexity recommendations," by using a secure key setup protocol, Simultaneous Authentication of Equals (SAE), to protect against attempts by malicious actors trying to guess passwords.

Wi-Fi Alliance also rolled out Wi-Fi Certified Easy Connect, an initiative for simplifying the secure initialization and configuration of wireless internet of things devices that have little or no display interfaces. The new program permits users to add devices to Wi-Fi networks with a different device -- like a smartphone -- that can scan a product quick response (QR) code.

Support for the new protocol will be made available as vendors begin incorporating it into their products. Wi-Fi Alliance members that plan to support the WPA3 security protocol include Cisco, Broadcom, Huawei Wireless, Intel and Qualcomm. A Wi-Fi Alliance spokesperson said by email that "Wi-Fi Alliance expects broad industry adoption of WPA3 by late 2019 in conjunction with the next generation of Wi-Fi based on 802.11ax standard."

Dig Deeper on Network security