Everything you want to know about Wi-Fi security
When you look at your Wi-Fi connection at home, you may get lost in all the abbreviations. That is why we are making this overview explaining the most important terms, such as the different forms of WPA. You probably already use these standards – and now you will learn more about them.
Wi-Fi security (WPA secures the WiFi network)
You know it: you buy a new router (or get one from your provider), connect it and log in immediately. Do not forget to reset the password, so that not everyone can use your network just like that. These are actions that you usually perform automatically, also because the installation process is so simple. The technology behind it is not simple, however, and unfortunately that does not mean that everything is extremely safe. The recently rolled out WPA3 makes the Wi-Fi connection at home a lot safer.
But before we get there, it is useful to take a step back. Because what exactly is WPA3? And how has WPA developed in recent years? By using WPA, you ensure that not everyone can simply access your network – after all, it is your network and your data. That is why it is wise to find out more about Wi-Fi in the house and how you can better secure it. If your WiFi router currently supports the WPA2 standard, then you’re still good for now.
Wi-Fi security essentials – You should know this about WPA, TKIP and AES
The abbreviation WPA stands for Wi-Fi Protected Access. It is security technology for your home or office WiFi network. The standard was developed because the old standard before it, WEP (Wired Equivalent Privacy), was no longer sufficient; WPA offers improved authentication and verification options. The protocol uses two standardized technologies for this: Temporal Key Integrity Protocol (TKIP) and Advanced Encryption Standard (AES). You sometimes come across these abbreviations in WiFi networks.
Temporal Key Integrity Protocol works behind the scenes of your WiFi network, as it were. It encrypts fixed-size packets from a sender (your router) to a receiver (for example, your smartphone or computer). Each packet is then encrypted with its own key, which is derived from the master key. The recipient ‘knows’ that key, but the key itself is not transmitted. The adjustment that is made is called the initialization vector; that vector is eventually applied to the master key.
This creates a temporary key that can be used to encrypt and decrypt data – TKIP also encrypts the initialization vector so that it cannot be intercepted. For this, the standard uses the message integrity check (MIC): the messages are compared with each other to check whether they are still the same. If there is a difference between the packets, for example because a hacker is active, your router will see this and the packet will be ignored. Communication can also be stopped.
So that all sounds good, but there were some problems with TKIP. The standard has not been used since 2012 and since 2013 it is mandatory to use at least WPA2-AES. AES stands for Advanced Encryption Standard and can therefore protect your WiFi network better. In addition, there is also WPA-PSK (pre-shared key). This is a simplified but more powerful form of the first WPA standard. This technology makes it difficult for hackers by changing the keys at fixed times.
And then WPA2 took over
The Wi-Fi Alliance officially began rolling out WPA2 in 2006. One of the biggest changes compared to the previous version is the mandatory use of AES. CCMP (Counter Cipher Mode with Block Chaining Message Authentication Code Protocol) has also been introduced as a successor to TKIP. However, TKIP is still used as a safety net when it turns out that devices don’t support CCMP, so you’re not completely vulnerable if something goes wrong along the way. TKIP is still there for the WPA devices too.
Although WPA2 is already a lot more secure, the standard does have a security hole. It’s an obscure vulnerability, one that requires the hacker to already have penetrated the network in order to engage in malicious action against specific devices. As a result, households are relatively safe, while companies should take this into account more. However, this is not the only weakness, as a major problem has been carried over from WPA to WPA2. This problem is related to WPS (Wi-Fi Protected Setup). But don’t worry.
While the problem with WPS is significant, it still takes a while for hackers to get in. With a modern computer, it can take anywhere from two to fourteen hours for a hacker to penetrate the network. This makes it a good idea to disable WPS within your router. If possible, you can also put other software on that device so that all traces of WPS are removed, thus ensuring that such an attack cannot occur. But that’s something for experts.
What is best for your network now for Wi-Fi security?
At the time of writing (June 2018), it is best to choose the network that includes WPA2 + AES. If there is no WPA2, go for the combination WPA and AES. The worst thing you can do is go for an open network or one with only WEP security (a standard so old we didn’t mention it in this article). In addition, you would do well to disable WPS, if possible, so that you are less susceptible to an attack. However, the future is just around the corner and that is WPA3.
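The recommendations above, turned into a check. This is an added example, not part of the original article; it assumes an access point configured through a hostapd.conf-style file, and the sample configuration is constructed.

```python
# Constructed sample (not from the article); keys follow hostapd.conf syntax.
SAMPLE_CONF = """\
ssid=HomeNet
# wpa is a bitfield: 1 = WPA, 2 = WPA2, 3 = both
wpa=3
wpa_pairwise=TKIP CCMP
rsn_pairwise=CCMP
wps_state=2
"""

def parse_conf(text):
    """Parse key=value lines, ignoring blanks and # comments."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            conf[key.strip()] = value.strip()
    return conf

def audit(text):
    """Return findings measured against the article's recommendations."""
    conf = parse_conf(text)
    findings = []
    wpa = int(conf.get("wpa", "0"))
    # hostapd defaults the WPA cipher to TKIP; WPA2 inherits it unless set.
    wpa_ciphers = conf.get("wpa_pairwise", "TKIP").split()
    rsn_ciphers = conf.get("rsn_pairwise", " ".join(wpa_ciphers)).split()
    if wpa == 0:
        # No WPA at all: the network is either WEP-only or open.
        kind = "WEP" if any(k.startswith("wep_key") for k in conf) else "open"
        findings.append(f"{kind} network: switch to WPA2 + AES")
    if wpa & 1:
        findings.append("WPA (first version) enabled: prefer WPA2 only")
        if "TKIP" in wpa_ciphers:
            findings.append("WPA allows TKIP: use AES (CCMP)")
    if wpa & 2 and "TKIP" in rsn_ciphers:
        findings.append("WPA2 allows TKIP: use AES (CCMP) only")
    if int(conf.get("wps_state", "0")) != 0:
        findings.append("WPS enabled: set wps_state=0")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONF):
        print("-", finding)
```

A configuration with `wpa=2`, `rsn_pairwise=CCMP` and `wps_state=0` produces no findings, which matches the WPA2 + AES, WPS-off setup recommended above.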
The WiFi standard of the future: WPA3
Since Wi-Fi devices have now been using the same protocol (WPA2) for about fourteen years, it is time for a successor. The Wi-Fi Alliance announced at the end of June that the organization will now certify devices that support WPA3. Hackers now find it a lot harder to get into your network when they try to guess random passwords. In addition, those people must be physically close to your network, since the data cannot be used offline when the network refreshes the keys.
As a hacker, you may have obtained decrypted information from the network – but if the Wi-Fi network needs a different key at that time, then you will be left empty-handed as a hacker. WPA3 therefore ensures that those keys are constantly changing. In the unlikely event that people intrude on your network because they stay nearby, they will only see a limited amount of your data. This only concerns the data that is currently passing through the network – all previous data is therefore inaccessible to those people.
The fact that WPA3 is around the corner is good news and bad news. The good news is that as a user you don’t notice it: you still complete the same actions to access your WiFi network (look up, click, enter password, change password). The bad news is that the technology is not immediately accessible to everyone. Your router must support the security standard. Manufacturers can release updates for that, but you are more likely to have to buy a new router.
Moreover, it is now also the case that almost none of your devices in the house support WPA3. So when you get a router with WPA3, the WiFi devices fall back to the WPA2 encryption. That’s not a disaster, because that standard still works well for the most part – but of course there is a successor available for a reason. In addition to a new router, you will also have to buy new devices that support WPA3 (or you hope that the manufacturer will update your current devices at home).
The Wi-Fi Alliance expects the rollout of WPA3 to boom next year. For the time being, the protocol is not yet mandatory for manufacturers. However, the next generation of Wi-Fi, 802.11ax, is also about to be launched. The masses are expected to embrace this technology at the end of 2019 and then the new security protocol will also become a lot more popular. When the adoption of devices with the new WiFi standard and protocol increases, WPA3 support will be made mandatory.
For now you will have to make do with WPA2. The fact that this protocol is more than ten years old is less of a problem than you might think. The security is constantly updated to prevent new exploits. The Wi-Fi Alliance reports that this will also apply to its successor, so there will be regular updates to counter new threats. What those updates will contain is not yet known at the time of writing. But if a vulnerability is known, it can be remedied.