WiFi is the technology that lets you wirelessly connect your computer or mobile device to the internet. As with any connection on a network, there are ways for hackers to intercept the signal to steal data or manipulate the transmission. WPA3 is the latest security standard for keeping your WiFi connections secure.
It’s a great improvement over its aging predecessor (WPA2), but there remain concerns over WPA3’s security.
As a “standard”, WPA3 is not a specific piece of software. It’s not even a single algorithm or protocol. Rather, WPA3 is a collection of security methods specified by a certification organization and designated as the global “gold standard” for secure WiFi implementation.
With some 19.6 billion WiFi-capable devices currently in use, the need for secure WiFi is clear. Let’s look at how your devices are designed to keep you safe.
- WPA3 — a history
- What is WPA3?
- WPA3 versions
- Related WiFi standards
- Known weaknesses
- How to use WPA3 on your router
- Final thoughts
WPA3 — a history
The Wired Equivalent Privacy (WEP) security algorithm, introduced in 1997, was part of the original IEEE 802.11 standard that defined how WiFi networks operate. Unfortunately, it quickly became clear that WEP was fatally flawed because of weaknesses in its encryption algorithm.
In 2003, the nonprofit Wi-Fi Alliance® officially announced the successor to WEP — Wi-Fi Protected Access (WPA) standard, followed in 2004 by WPA2. This standard was considered secure until 2017, despite increasing concerns over its failure to provide perfect forward secrecy.
In 2018, researchers published a white paper showing that all WPA and WPA2 connections could be almost trivially hacked, exposing all data that wasn’t otherwise encrypted. For example, by using a VPN or HTTPS (which was much less common in 2017 than it is now). The only real limitation to this so-called KRACK attack was that the hacker had to be within physical range of the target WiFi network.
The Wi-Fi Alliance rushed to patch the problem, but since a huge number of old routers remain in use, even WEP remains worryingly common more than 20 years after it was declared unfit for purpose, and billions of WPA2 routers remain in use that are unpatched.
Fortunately (and much more successfully), Windows, macOS, Linux, Android, and iOS/iPadOS have all been patched to protect against KRACK.
Nevertheless, few people were surprised when, in 2018, the Wi-Fi Alliance announced a new WiFi security certification, WPA3.
What is WPA3?
WPA3 defines an amalgam of security standards. Some of these are mandatory and must be implemented for a device to display a Wi-Fi CERTIFIED™ sticker. Some standards are recommended for use with WPA3 but are not required for WPA3 certification. We’ll come to these later.
WPA3 includes many small improvements over WPA2 — far too many to detail here. However, the key improvements are:
Protected Management Frames (PMF)
Management frames play an important role in the underlying structure of wireless networking — notably in authenticating and deauthenticating devices. With PMF, these management frames are encrypted to provide protection against a number of threats, including:
- Disconnect attacks (also known as Wi-Fi deauthentication attacks) — A type of denial-of-service attack that disconnects a device from the WiFi network. Disconnect attacks are often used to facilitate other kinds of attack, such as…
- Honeypot and Evil twin attacks — These attacks attempt to trick you into connecting to malicious WiFi networks, so a hacker can snoop on your otherwise unencrypted browsing history.
Improved password security
One of the central design goals behind WPA3 addresses the biggest problem with WiFi security — that people use weak, easily-guessed passwords to protect their WiFi networks. And with WPA2, even if you have changed your password to something genuinely secure, hackers can make an unlimited number of guesses as to what it is.
WPA3 mitigates against such attacks by using a Simultaneous Authentication of Equals (SAE) handshake, which prevents an attacker from guessing more than one password per attack.
This means every time an incorrect password is entered, the hacker must reconnect to the target WiFi network, making dictionary attacks impractical. SAE can also flag when a certain number of password attempts have been made.
Perfect forward secrecy
A major problem with WPA2 is that it doesn’t use perfect forward secrecy. This means that if a router’s private key becomes compromised in some way, a hacker can compromise all otherwise unencrypted traffic passing through the router. In fact, it’s possible to collect encrypted data that doesn’t use PFS, to be decrypted at a later time if the key becomes available.
The Simultaneous Authentication of Equals handshake used by WPA3 solves this problem. Based on a Diffie–Hellman key exchange, WPA3 can implement perfect forward secrecy for WiFi connections, generating a new and unique private encryption key for each WiFi session.
There are two WPA3 standards tailored for different situations: personal and enterprise.
Designed for home use, WPA3 Personal emphasizes convenience over security. Like WPA2, it uses AES-128 encryption in CCM mode, which authenticates the connection and encrypts it. But it additionally offers SAE to prevent brute force attacks (and therefore also perfect forward secrecy).
Aimed at businesses, governments, and financial institutions, WPA3-Enterprise offers improved security at the cost of some convenience. For example, WPA3-Enterprise requires additional infrastructure to deploy, including an authentication server to handle device authentication and key management.
Unlike WPA3-Personal, the use of Protected Management Frames secured with 128-bit encryption is mandatory.
For businesses that require additional security, WPA3-Enterprise offers an optional “192-bit security mode”, that uses AES-128 encryption in GCM mode to secure data and authenticate the connection. This is similar to CCM mode, but is arguably more secure and uses different mathematical equations.
The enterprise version also uses elliptic curve cryptography — a 384-bit ECDH or ECDSA key exchange — which is noted for being both fast and secure. And to validate encrypted connections, it uses HMAC SHA-385 hash authentication. Protected Management Frames must use a higher level of encryption: 256 bits.
In addition to PMF and SAE, the original WPA3 proposal included two standards that were dropped from the final WPA3 certification program.
Wi-Fi Enhanced Open
Wi-Fi Enhanced Open uses Opportunistic Wireless Encryption (OWE) to greatly improve the security of public WiFi networks, mitigating many of the dangers associated with operating an open network. Wi-Fi Enhanced Open therefore allows for convenience of connecting to a WiFi hotspot without the need for authentication.
Wi-Fi Easy Connect
A replacement to the wildly unsafe Wi-Fi Protected Setup (WPS), that allows you to connect to a router at the push of a button, Wi-Fi Easy Connect lets you to easily set up a device by scanning a QR code or NFC tag. As a nice bonus, this connection will persist, even if the WiFi password is changed.
A missed opportunity?
Both these standards are available with their own certification schemes, but not including them in WPA3 was viewed as a mistake by some. This was made worse by the fact that WPA3’s increased encryption key standards are only an optional feature of WPA3-Enterprise certification.
As Mathy Vanhoef, the PhD researcher who discovered the KRACK vulnerability in WPA2 noted:
“Unfortunately, the WPA3 certification program only mandates support of the new dragonfly handshake. That’s it. The other features are either optional, or a part of other certification programs. I fear that in practice this means manufacturers will just implement the new handshake, slap a ‘WPA3 certified’ label on it, and be done with it”.
To be fair to the Wi-Fi Alliance, it wanted a quick uptake of the new standard from manufactures for security reasons, and was no doubt keen to make the transition as painless for them as possible.
To some extent, Vanhoef’s prediction has become true — there are many devices out there which only support the minimal WPA3 specification. However, there are also many higher-end devices that support the full range of Wi-Fi Alliance certifications.
In 2020, Vanhoef published a group of five vulnerabilities, that he collectively termed Dragonsblood (referencing the Dragonfly Key Exchange of which SAE is a variant). These vulnerabilities exploit the fact that WPA3 is usually implemented with backwards-compatibility with WPA2, potentially allowing a hacker to perform a downgrade attack where they trick targets into connecting to a dummy router using WPA2. These WPA2 connections could then be hacked.
The Wi-Fi Alliance quickly announced the issue patched, but a paper published in 2020 (co-authored again by Vanhaoef) demonstrated that these patches were “insufficient”, because of the need for backward compatibility.
It remains unclear if WPA3, when run in compatibility mode (see below), is still vulnerable in 2023 to Dragonsblood attacks, but devices set to use only WPA3-Personal or WPA3-Enterprise shouldn’t be vulnerable.
How to use WPA3 on your router
To achieve a WPA3 connection, both the router and the device connecting to the router must use WPA3. Most routers built from around 2020 support WPA3, but people tend not to upgrade their routers often.
There are consequently a huge number of older routers still in use that do not support WPA3. In addition to this, the huge popularity of IoT devices, many of which still use WPA2, has hindered the widespread adoption of WPA3.
In theory, manufacturers can push firmware updates to older routers, allowing them to support WPA3. In practice, not all manufacturers do this (and certainly not for their whole back-catalog of router models). And even when they do, few people routinely update their router’s firmware.
To see if your router supports WPA3, log in to its admin page (typically by entering the local IP addresses 192.168.0.1 or 192.168.1.1 into your browser’s URL bar while connected to the router), and locating your router’s wireless security settings.
Most routers aimed at the domestic market default to a WPA3/WPA2 compatibility mode so that older WPA2-only devices can also seamlessly connect to them. Most domestic routers don’t support WPA3-Enterprise, as it’s not necessary for home use and requires additional hardware to deploy.
If your router doesn’t support WPA3, then it’s probably time to get another router. You can then connect it to the (likely low-quality) router/modem (set to run in modem-only mode) provided by your ISP.
WPA3 greatly improves on the WiFi security offered by WPA2, with no real downsides. However, nothing is perfect, and WPA3 is no exception. In particular, using WPA3/WPA2 compatibility mode offsets most of the advantages of using WPA3.
Of wider concern is the fact that standards bodies such as the Wi-Fi Alliance are dominated by vendors who have a vested interest in preventing their unsold and recently sold hardware becoming obsolete.
Fortunately, the almost ubiquitous uptake of HTTPS over the last few years provides a strong second layer of security when using WiFi to connect to the internet, making the dangers associated with using public hotspots largely a thing of the past.