WPA2 vs. WPA3

In this video, TechTarget editor Jen English talks about the difference between WPA2 and WPA3.

How do you protect network traffic that travels through the air?

Wireless security is no easy task for IT pros to manage. Not only are internet-connected devices growing in numbers, but cyberattacks are also increasing in sophistication, making for a complex landscape to protect. That's where wireless security standards come into play.

Here we'll talk about the evolution of wireless security and the most effective ways to protect Wi-Fi traffic.

Wired Equivalent Privacy -- or WEP -- was the first 802.11 security standard developed in the '90s. WEP had the singular goal of preventing hackers from snooping on wireless data as it traveled between clients and access points.

But WEP's encryption keys were easy to crack, which -- along with other flaws -- made the standard too weak to actually accomplish that goal. These flaws were even credited with leading to a large-scale cyberattack on T.J. Maxx in 2009.

Industry experts quickly recommended against using WEP, and thus Wi-Fi Protected Access -- or WPA -- was released as an interim standard in 2003. It boosted encryption capabilities and was backward-compatible with WEP devices.

WPA was never expected to be a comprehensive security standard, but it improved upon WEP's shortcomings and enabled fast, easy adoption while a long-term replacement was developed.

WPA2 was introduced in 2004 as a more permanent upgrade from WPA. It uses a stronger encryption algorithm, AES, and a stronger authentication mechanism, CCMP.

AES, developed by the U.S. government to protect classified data, comprises three symmetric block ciphers that encrypt and decrypt data using 128-, 192- and 256-bit keys. CCMP ensures message integrity and allows only authorized network users to receive data.

However, a major WPA2 flaw known as the KRACK vulnerability was discovered in 2017. While experts said the KRACK vulnerability would be hard to exploit in the real world, they recommended software patches until the next generation of wireless security arrived.

Released in 2018, WPA3 is considered the most secure wireless security standard.

WPA3 mandates the adoption of Protected Management Frames, which guard against eavesdropping and forging. It also standardizes the 128-bit cryptographic suite and disallows obsolete security protocols.

WPA3 also addresses the KRACK vulnerability with a more secure cryptographic handshake, SAE. SAE also flags excessive password guesses and enables forward secrecy (so attackers can't decrypt data with a cracked passcode).

WPA3 is not impervious to threats and has several security flaws. But experts still agree WPA3 is the most secure protocol.

In summation, no one should use WEP or WPA at all -- and only use WPA2 when WPA3 isn't supported.
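One way to check an access point's settings against this guidance, as an added example that is not part of the original video or article. It assumes a hostapd-style configuration file (wpa, wpa_key_mgmt, ieee80211w, wpa_pairwise, rsn_pairwise and wep_key0 are hostapd options); the audit and parse_conf helpers, the SSIDs and the sample configurations are constructed for illustration, and only personal-mode networks are covered.

```python
# Added example: grade hostapd-style settings against the guidance above.
# Only explicitly set values are read; hostapd's built-in defaults are not modeled.

def parse_conf(text):
    """Collect key=value pairs, skipping blank lines and # comments."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            conf[key.strip()] = value.strip()
    return conf

def audit(text):
    """Return (generation, findings) for one personal-mode network."""
    conf = parse_conf(text)
    wpa = int(conf.get("wpa", "0"))            # bit 0 = WPA, bit 1 = WPA2/WPA3 (RSN)
    akms = set(conf.get("wpa_key_mgmt", "").split())
    pmf = int(conf.get("ieee80211w", "0"))     # 0 = off, 1 = optional, 2 = required
    ciphers = set((conf.get("wpa_pairwise", "") + " " + conf.get("rsn_pairwise", "")).split())
    findings = []
    if wpa == 0:
        if any(key.startswith("wep_key") for key in conf):
            return "WEP", ["WEP in use: move to WPA3, or WPA2 if WPA3 is unsupported"]
        return "open", ["no WPA, WPA2 or WPA3 protection configured"]
    if wpa & 1:
        findings.append("original WPA enabled: set wpa=2")
    if "TKIP" in ciphers:
        findings.append("TKIP offered: restrict the pairwise cipher to CCMP")
    if not wpa & 2:
        return "WPA", findings
    has_sae = "SAE" in akms
    has_psk = any(akm.startswith("WPA-PSK") for akm in akms)
    if has_sae and not has_psk:
        if pmf != 2:
            findings.append("WPA3 mandates PMF: set ieee80211w=2")
        return "WPA3", findings
    if pmf == 0:
        findings.append("PMF disabled: set ieee80211w=1 or 2")
    if not has_sae:
        findings.append("no SAE: enable WPA3 where clients support it")
    return ("WPA2/WPA3 transition" if has_sae else "WPA2"), findings

# Constructed sample configurations (not taken from any real deployment).
WEP_AP = "ssid=lab-legacy\nwep_default_key=0\nwep_key0=0123456789\n"
WPA2_AP = "ssid=lab-office\nwpa=2\nwpa_key_mgmt=WPA-PSK\nrsn_pairwise=CCMP\n"
WPA3_AP = "ssid=lab-secure\nwpa=2\nwpa_key_mgmt=SAE\nrsn_pairwise=CCMP\nieee80211w=2\n"

if __name__ == "__main__":
    for name, sample in (("WEP_AP", WEP_AP), ("WPA2_AP", WPA2_AP), ("WPA3_AP", WPA3_AP)):
        print(name, audit(sample))
```

A network that lists both WPA-PSK and SAE is reported as a WPA2/WPA3 transition network, which keeps older clients working but still accepts WPA2 connections.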

Do you need to make any wireless AP replacements to stay secure? Share your thoughts in the comments, and remember to like and subscribe to Eye on Tech.

Sabrina Polin is a managing editor of video content for the Learning Content team. She plans and develops video content for TechTarget's editorial YouTube channel, Eye on Tech. Previously, Sabrina was a reporter for the Products Content team.