Saturday, January 14, 2023

WEP vs. WPA vs. WPA2 vs. WPA3: Wi-Fi Security Types Explained

 


There are many types of wireless security, but which one should you use? Which Wi-Fi security type is the most secure: WEP, WPA, WPA2, or WPA3?


Wireless security is extremely important. Most of us connect a mobile device to a router at some point every day, be it a smartphone, tablet, laptop, or something else. Furthermore, Internet of Things devices connect to the Internet using Wi-Fi.


They are always on, always listening and always need extra security.


That’s where Wi-Fi encryption steps in. There are several different ways to protect your Wi-Fi connection. But how do you know which Wi-Fi security standard is the best? Here’s how.


Wi-Fi security types


The most common Wi-Fi security types are WEP, WPA and WPA2.


WEP vs. WPA


Wired Equivalent Privacy (WEP) is the oldest and least secure Wi-Fi encryption method. It’s laughable how terrible WEP is at protecting your Wi-Fi connection. Here’s why you shouldn’t use WEP Wi-Fi encryption.


Also, if you are using an old router that only supports WEP, you should upgrade that too for security and better connectivity.


Why is that bad? Crackers have figured out how to break WEP encryption and it is easily done using freely available tools. In 2005, the FBI held a public demonstration using free tools to raise awareness. Almost anyone can do it. Accordingly, the Wi-Fi Alliance officially retired the WEP Wi-Fi encryption standard in 2004.


By now, you should be using a version of WPA.


Definitions of WPA and WPA2


Wi-Fi Protected Access (WPA) is an evolution of the insecure WEP standard. WPA was only a stepping stone to WPA2.


When it became clear that WEP was woefully insecure, WPA was developed to provide an additional layer of security to network connections prior to the development and introduction of WPA2. WPA2’s security standards were always the desired goal.


WPA3


At present, most routers and Wi-Fi connections use WPA2. At least, they should, because even with the encryption standard’s weaknesses, it is still pretty secure.


However, the latest upgrade to Wi-Fi Protected Access, WPA3, is firmly on the horizon.

WPA3 includes some important updates for modern wireless security, including:


Brute force protection. WPA3 protects users with weak passwords from brute force dictionary attacks (attacks that try to guess passwords repeatedly).


Public network privacy. WPA3 adds “individualized data encryption”, which theoretically encrypts your connection to the wireless access point regardless of the password.


Securing the Internet of Things. WPA3 arrives at a time when Internet of Things device developers are under heavy pressure to improve baseline security.


Stronger encryption. WPA3 adds much stronger 192-bit encryption to the standard, drastically improving the level of security.


WPA3 has yet to hit the consumer router market, even though the initial timeline suggests it will arrive sometime in late 2018.


The jump from WEP to WPA to WPA2 took some time, so it’s nothing to worry about at the moment.


Furthermore, manufacturers must issue backward compatible devices with patches, a process that can take months, not years.


There are three Wi-Fi Protected Access iterations. Well, the third one isn’t quite with us, but it will be on your router soon. But how are they different from each other? Why is WPA3 better than WPA2?


WPA is inherently vulnerable


WPA was doomed from the start. Despite having much stronger public key encryption using 256-bit WPA-PSK (Pre-Shared Key), WPA still has a string of flaws inherited from the older WEP standard (both of which share the weak stream cipher, RC4).

The flaws centered on the introduction of the Temporal Key Integrity Protocol (TKIP).

TKIP, which used a per-packet key system to protect every data packet sent between devices, was itself a big step forward. Unfortunately, the TKIP WPA rollout had to take older WEP devices into account.


The new TKIP WPA system reused some elements of the compromised WEP system and the same errors eventually appeared in the new standard.


WPA2 outperforms WPA


WPA2 officially superseded WPA in 2006. WPA, then, was short-lived as the pinnacle of encryption for Wi-Fi.


WPA2 brought with it other security and encryption updates, most notably the introduction of the Advanced Encryption Standard (AES) to consumer Wi-Fi networks. AES is significantly stronger than RC4 (as RC4 has been cracked in many cases) and is currently the security standard for many online services.


WPA2 also introduced Counter Cipher Mode with Block Chaining Message Authentication Code Protocol (or CCMP, for short!) to replace the now weak TKIP.

TKIP remains part of the WPA2 standard and provides functionality for WPA-only devices.


WPA2 KRACK Attack


The somewhat amusingly named KRACK attack is no laughing matter; it is the first vulnerability found in WPA2. The Key Reinstallation Attack (KRACK) is a direct attack on the WPA2 protocol and unfortunately undermines every Wi-Fi connection that uses WPA2.


Essentially, KRACK subverts a key component of the WPA2 four-way handshake, allowing a hacker to intercept and manipulate the generation of new encryption keys during the secure connection process.


Even though a KRACK attack is possible, the chances of someone using it to attack your home network are slim.


WPA3: The (Wi-Fi) Alliance Strikes Back


WPA3 picks up the slack and offers more security, while actively taking into account the often-lacking security practices that everyone is guilty of at times. For example, WPA3-Personal keeps users’ traffic encrypted even if hackers crack the password after you connect to the network.

Furthermore, WPA3 requires all connections to use Protected Management Frames (PMF). PMFs essentially enhance privacy protections, with additional security mechanisms to keep data safe.


128-bit AES remains in place for WPA3 (a testament to its continued security). However, for WPA3-Enterprise connections, 192-bit AES is required. WPA3-Personal users also have the option of using the extra-strength 192-bit AES.


What is a WPA2 Pre-Shared Key?


The PSK in WPA2-PSK stands for Pre-Shared Key. WPA2-PSK is also called Personal mode, and is intended for home and small office networks.


Your wireless router encrypts network traffic with a key. With WPA-Personal, this key is calculated from the Wi-Fi passphrase you set on your router. Before the device can connect to the network and understand encryption, you must enter your passphrase on it.


The primary real-world weakness of WPA2-Personal encryption is a weak passphrase. Just as many people use weak passwords like “password” and “login me” for their online accounts, many people use weak passphrases to secure their wireless networks. You must use a strong passphrase or unique password to secure your network, or WPA2 won’t protect you much.


What is WPA3 SAE?


When you use WPA3, you use a new key exchange protocol called Simultaneous Authentication of Equals (SAE). SAE, also known as the Dragonfly Key Exchange Protocol, is a more secure method of key exchange that addresses the KRACK vulnerability.


In particular, it is resistant to offline decryption attacks because it provides “forward secrecy”. Forward secrecy prevents decryption of a previously recorded Internet connection, even if the WPA3 password is known.


As such, WPA3 SAE uses a peer-to-peer connection to establish the exchange and reduces the possibility of a malicious middleman intercepting the keys.


What is Wi-Fi Easy Connect?


Wi-Fi Easy Connect is a new connectivity standard designed to “simplify the provisioning and configuration of Wi-Fi devices”.


Within that, Wi-Fi Easy Connect offers strong public-key encryption for every device added to the network, even “those with little or no user interface, such as smart home and IoT products.”


For example, in your home network, you designate one device as the central configuration point. The central configuration point should be a rich media device such as a smartphone or tablet.


A rich media device is used to scan the QR code, which runs the Wi-Fi Easy Connect protocol as designed by the Wi-Fi Alliance.


Scanning a QR code (or entering a code specific to an IoT device) provides the same security and encryption as other devices on the network, even if the connecting device is not directly configurable.


Wi-Fi Easy Connect, together with WPA3, drastically increases the security of IoT and smart home device networks.


Wi-Fi security is important


At the time of writing, WPA2 remains the most secure Wi-Fi encryption method, even taking into account the KRACK vulnerability. While KRACK is undoubtedly a problem, especially for enterprise networks, home users are unlikely to face an attack of this variety (unless you’re a high-net-worth individual).


WEP is very easy to crack. You must not use it for any purpose. Furthermore, if you have devices that can only use WEP security, you should consider switching them to increase the security of your network. Find out how to check your Wi-Fi security type to make sure you’re not using WEP.
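
One way to check security types across your own networks, as an added example that is not part of the original article: it assumes scan results in the terse `SSID:SECURITY` form printed by NetworkManager's `nmcli -t -f SSID,SECURITY device wifi list`. The sample lines, network names and verdict labels are constructed for illustration.

```python
import re

# Types that call for action, following the article's ranking.
WEAK = {"open", "wep", "wpa", "wpa-mixed"}

# Constructed sample scan; an empty security field means an open network.
SAMPLE_SCAN = """\
HomeNet:WPA2
OldPrinter:WEP
CafeGuest:
Office:WPA2 802.1X
Legacy\\:AP:WPA1 WPA2
NewRouter:WPA3
"""


def classify(security):
    """Map a SECURITY field to one verdict label."""
    tokens = set(security.upper().split())
    tokens.discard("--")  # shown for open networks in non-terse output
    has_wpa1 = bool(tokens & {"WPA", "WPA1"})
    if "WEP" in tokens:
        return "wep"
    if has_wpa1 and tokens & {"WPA2", "WPA3"}:
        return "wpa-mixed"  # newer standard with original WPA fallback
    if {"WPA2", "WPA3"} <= tokens:
        return "wpa3-transition"
    if "WPA3" in tokens:
        return "wpa3"
    if "WPA2" in tokens:
        return "wpa2"
    if has_wpa1:
        return "wpa"
    return "open" if not tokens else "unknown"


def audit(scan_text):
    """Return (ssid, verdict) for every non-empty scan line."""
    findings = []
    for line in scan_text.splitlines():
        if not line.strip():
            continue
        # SECURITY never contains ':', so the last colon is the separator.
        ssid, _, security = line.rpartition(":")
        ssid = re.sub(r"\\(.)", r"\1", ssid)  # undo terse-mode escaping
        findings.append((ssid or "<hidden>", classify(security)))
    return findings


def weak_networks(scan_text):
    """SSIDs that should be upgraded or replaced."""
    return [ssid for ssid, verdict in audit(scan_text) if verdict in WEAK]
```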


It should also be noted that WPA3 doesn’t magically appear and secure all your devices overnight. There is always a long lag between the introduction of a new Wi-Fi encryption standard and widespread adoption.


The rate of adoption depends on how quickly manufacturers patch devices and how quickly router manufacturers adopt WPA3 for new routers.


At present, you should focus on protecting your existing network, including WPA2. A good place to start is looking at your router’s security.
