“Big news: We’ve introduced Wi-Fi CERTIFIED #WPA3, which adds new features to simplify and enhance Wi-Fi security for personal and enterprise networks.”
So read a tweet by the Wi-Fi Alliance, a non-profit organization that promotes Wi-Fi technology and certifies Wi-Fi products, announcing the next generation of its security protocol, WPA3.
It had been 14 years since the protocol had been updated. The older protocol, WPA2, has been the standard since 2004.
First and foremost, WPA3 patches a significant security flaw that was inherent in the old protocol. WPA2 was quite vulnerable when it comes to WiFi device passwords. Hackers were able to use brute force to crack it by basically trying different words and combinations until it hit the right one. Websites were able to plug that glitch using different techniques, the most known of which is reCAPTCHA.
WPA3 on the other hand only allows for a single password attempt, and if that fails, then the user will have to physically interact with the WiFi device.
WPA3 also adds another layer of security in the unlikely event that a hacker gains access to a WiFi device. Instead of being able to decrypt all traffic that flowed through the machine like it were the case with WPA2, the traffic will remain encrypted to unauthorized users using forward secrecy.
Finally, WPA3 makes it much easier to give smart devices internet access. This is relevant to IoT enabled devices, which, more often than not, feature not so usable interfaces, let alone a screen. The new protocol will allow IoT devices to connect to routers with the simple scan of a QR code.
While the news will excite techies, it’s still a long way from becoming the norm. The new security protocol can only work on WPA3-enabled WiFi device, which will take a while to spread. Companies are more likely to upgrade soon, but given the rate at which individual consumer purchase or upgrade their router, it looks like it will take some time before WPA3 becomes adopted by the masses – bare in mind that there billions of WiFi devices currently out there, so just imagine how long it will take for WPA3 to become the standard protocol.
What’s more, WPA3 is currently not mandatory. The WiFi Alliance will still certify devices that are not yet compatible with the new protocol. That will eventually come to an end, when the alliance deems that it is time to stop supporting what will become a legacy protocol. But even then, it will take years before WPA3 takes over.