The Wi-Fi Alliance has finally announced the long-awaited next generation of the wireless security protocol—Wi-Fi Protected Access (WPA3).
WPA3 will replace the existing WPA2—the network security protocol that has been around for at least 15 years and widely used by billions of wireless devices every day, including smartphones, laptops and Internet of things.
However, WPA2 has long been considered to be insecure due to its common security issue, that is “unencrypted” open Wi-Fi networks, which allows anyone on the same WiFi network to intercept connections on other devices.
Most importantly, WPA2 has also recently been found vulnerable to KRACK (Key Reinstallation Attack) that makes it possible for attackers to intercept and decrypt Wi-Fi traffic passing between computers and access points.
The new standard of Wi-Fi security, which will be available for both personal and enterprise wireless devices later this year, offers improved security and privacy.
WPA3 protocol strengthens user privacy in open networks through individualised data encryption.
WPA3 protocol will also protect against brute-force dictionary attacks, preventing hackers from making multiple login attempts by using commonly used passwords.
WPA3 protocol also offers simplified security for devices that often have no display for configuring security settings, i.e. IoT devices.
Finally, there will be a 192-bit security suite for protecting WiFi users’ networks with higher security requirements, such as government, defence and industrial organisations.
“Wi-Fi security technologies may live for decades, so it’s important they are continually updated to ensure they meet the needs of the Wi-Fi industry,” said Joe Hoffman, SAR Insight & Consulting. “Wi-Fi is evolving to maintain its high-level of security as industry demands increase.”
Since hardware must get certified by the Wi-Fi Alliance to use WPA3 security protocol, the new security standard won’t arrive overnight.
It could take months for device manufacturers to support the new wireless security standard, but the first WPA3-certified devices are expected to ship later this year. More details about WPA3 have yet to be released.