WPA3 is coming, and it won’t be soon enough

There’s a new security standard coming to Wi-Fi. The Wi-Fi alliance, who are the people who set these things (and probably a very lively group of folks) announced that they’ve started to certify devices for their new security standard, which they call WPA3.

Here’s why this is a big deal

Everyone uses Wi-Fi. Like, everyone. Let’s say you don’t even own a computer or a cell phone. You still use Wi-Fi somewhere, I guarantee it. You might use it when you’re at an ATM or a soda machine, without knowing it. Your medical professional probably uses it when you visit. For a largely invisible form of communication, Wi-Fi is really really important.

Unfortunately it’s also really hackable. The original password protocols for Wi-Fi were easily hacked, and this set off an arms race between hackers and router makers to try to protect your data. For a decade, WPA2 was the standard. It was considered virtually unhackable because it was supposed to take like 25 years to hack a router just by guessing the security stuff.

And then, someone hacked WPA2. And then we found out that some of the most common routers could be hosting Russian malware. Something needed to be done.

Where you’re vulnerable

WPA2, and its predecessors WPA and WEP, come into play when you connect to a network. When you’re asked for a password or passphrase, WPA2 is used to make sure, at that very moment, that the password you send can’t be stolen.

You think that it isn’t a big deal because you probably enter your password into your home router maybe every 5 years or so. However, every device on your network enters it at least once when it connects, and usually once a day in order to stay connected. You just don’t notice it because you told that device to remember your password.

Your devices could be sending your password to your router 25 times a day. Think about that.

One of the best protections against hacking has been the limited range of Wi-Fi. My first wireless router had a range of about 15 feet. If someone was going to hack it, they’d have needed to be inside the house.

No more, of course, because we all want great Wi-Fi all over the house and into the back yard. That same strong Wi-Fi signal you crow about is also making it possible for hackers a quarter mile away to get into your network if they’re willing to put up big antennas.

Enter WPA3

I won’t pretend to understand the mechanics of what makes WPA3 more secure. From what I’ve read, here’s the difference:

WPA3-Personal uses Simultaneous Authentication of Equals (SAE), a secure key establishment protocol that forces devices to communicate with a hotspot or another device before attempting to use a network password. This effectively shuts down one security hole under earlier WPA versions where an attacker could perform dictionary-based attacks against collected data packets away from the network.

The Enterprise version adds 192-bit encryption to transmit data, making it harder for attackers to decrypt data packets in a short period of time.

I understand some of that and not much of it. But I understand enough to know that it’s better than WPA2 and at least for now, it can’t be hacked like WPA2 can be hacked.

I’m sure eventually this will change and we’ll have WPA4, or whatever. But that’s a while off hopefully.

We need this now! But…

There are going to be some routers that can be upgraded to support WPA3. It’s going to be up to the manufacturers to upgrade their firmware. Don’t hold your breath though… Linksys still hasn’t addressed the Russian malware hacking issue with new firmware and that’s been over a month. It’s going to take time.

You may not need a new router to take advantage of WPA3 but you may want one unless you’ve upgraded recently. A new router might perform better and might give you better performance overall. It’s a fair bet that most new routers on the market today will eventually be upgraded to WPA3, although I can’t say when.

What I am saying is that this change can’t come fast enough. We all rely on our computers and mobile devices and store personal stuff on them. Right now there’s no reason to think that a hacker out there wants to steal your information, but the sad thing is that there’s nothing stopping them. We’re in a situation now where you’re door is sitting there unlocked, and you’re just hoping no one skeevy drives through your neighborhood.

Hopefully we’ll see device manufacturers upgrade to WPA3 pretty soon because we really need it.

About the Author

Stuart Sweet
Stuart Sweet is the editor-in-chief of The Solid Signal Blog and a "master plumber" at Signal Group, LLC. He is the author of over 8,000 articles and longform tutorials including many posted here. Reach him by clicking on "Contact the Editor" at the bottom of this page.