What is the WPA2 protocol?

Wireless internet is a crucial part of our everyday lives. In the past 15 years, wifi has spread everywhere, from company offices to homes, cafes, museums, and airport lounges. As we’ll see, the WPA2 protocol has played a key role in this remarkable rise.

But we’ll also see that this wireless protocol has a darker side. So read on to find out what WPA2 does, why it might not be as secure as it seems, and how to protect yourself when using wifi networks.

Understanding the the WPA2 protocol does

Protocols are often misunderstood by users, including WPA2. In computing, a protocol is a set of rules which govern the way an entity on some communication system communicates with another entity.

The WPA in WPA2 stands for “Wireless Protected Access”, and the “2” signifies that it supersedes an older version. However, it’s not exactly new, having been introduced as long ago as 2004.

This second iteration of the WPA protocol is used as a secure way to establish wireless internet connections. That way, network managers can be more confident that their networks are only accessible to authorized users, not hackers or freeloaders.

Most commonly associated with IEEE 802.11i wireless technology, the protocol is fully (NIST) FIPS 140-2 compliant, so it represents the current cutting edge in off-the-shelf wireless security.

Specifically, WPA2 incorporates 256-bit AES (Advanced Encryption Standard) encryption and employs 802.1x authentication – both features which make it suited to locking down wireless networks from external threats.

Are there different versions of the WPA2 protocol?

Yes, there are a number of different versions of the protocol, and network users and managers should be aware of them all.

The first variety is called WPA2-Personal, and is generally used for home wireless networks or settings like cafes. In this setup, access to wireless networks is governed by a shared password.

In the other version, WPA2-Enterprise, access is controlled by a central router, which functions as a security hub. This makes it ideal for businesses (hence the enterprise in the title).

Have there been any security issues with WPA2?

While the protocol is still widely used and relied on to deliver wireless security, there have been some security issues with wifi Protected Access 2. So if you intend to use the protocol to shield your home or business wifi network, it’s a good idea to know about them.

The most important vulnerability of all has been codenamed KRACK. Discovered in 2017, KRACK (Key Reinstallation Attacks) allow intruders to gain access to the data flowing across WPA2 networks. That way, they can harvest user logins and financial data fairly easily.

KRACK sent shock waves through the wireless networking scene. Patches have now been made available, and it’s not hard to secure your network by installing them. However, experts caution that this exploit could compromise the WPA standard for good. And since KRACK was discovered, the race has been on to develop a successor to WPA2.

That’s not all. KRACK built on numerous other theoretical weaknesses, such as the ability to brute force WPA passwords, problems with the protocol’s random number generator which allowed hackers to “guess” keys, and an exploit called Hole196, which made it far easier to stage man-in-the-middle style attacks.

What’s the deal with WPA3 – has a successor been found?

In October 2018, the wifi Alliance (an industry-wide regulatory alliance) made an important announcement. Over the next year, a new WPA standard would be rolled out, representing the long-anticipated switchover to WPA3.

This isn’t a simple task. All of the wireless routers whirring away around the world are currently configured for WPA2 or the initial WPA protocol. To accommodate the demands posed by WPA3, manufacturers like Qualcomm will have to redesign router architecture. And customers will have to decide to purchase more advanced hardware.

When these devices become available, they should be easy enough to spot. As with older routers, they will carry a certification telling you whether they are optimized for different versions of WPA. So look out for the fine print if you are updating your hardware. Given the vulnerabilities of WPA2, and the importance of wifi security, there’s no sense in hanging around.

What features does WPA3 bring to the table?

The developers of WPA3 have gone to great lengths to redress some of the shortcomings of earlier wireless protocols.

For instance, WPA3 offers individualized data encryption, encrypting everything you do on public wifi. This shuts off a notorious weak spot in public networks, which made packet sniffing so much simpler.

Secondly, handshaking has been improved, making it (theoretically) harder to brute force passcodes for wifi networks. WPA3 has also been optimized for a new generation of screen-less devices like Amazon Firesticks. And finally, an elite 192-bit security suite has been developed for sensitive networks such as military installations.

So the newest WPA version looks set to offer enhanced protection for homes and military bases alike.

Keep your home or business protected from wifi threats

As we’ve seen, WPA2 remains a vital aspect of the global internet infrastructure. Even if it is about to be replaced by a more advanced alternative, plenty of people will be using it in 5 years time. So, in the meantime, what can you do to stay safe on wireless networks?

The KRACK vulnerability and other weaknesses show that you can’t really trust any wifi connection, particularly for confidential work. But there is one way to make your online activity much safer: using a VPN.

Virtual Private Networks use tunneling protocols to add an extra layer of protection for internet users. When you connect to a public wifi, the VPN tunnel will ensure that your traffic is safe and sound from the moment the network is detected.

Adding a VPN and patching your system can help reduce the risks attached to wifi – at least until WPA3 becomes mainstream.