After more than a decade of WPA2 the Wi-Fi Alliance today launched their certification program for WPA3 – a significantly more secure and more resilient solution for keeping Wi-Fi connections and devices safe.
By Claus Hetting, Wi-Fi NOW CEO & Chairman
After 15 years of WPA2 the world is now ready for the new and improved way to secure Wi-Fi devices and connections: WPA3. The Wi-Fi Alliance announced WPA3 plans at CES earlier this year and today officially launched the ‘Wi-Fi CERTIFIED WPA3’ program.
Exactly as for WPA2, WPA3 comes in two flavours: Personal and Enterprise. The personal version is intended to offer protection even if users choose passwords that “fall short of typical complexity recommendations,” the Wi-Fi Alliance says in the press release, which can be found here.
The enterprise version now offers “the equivalent of 192-bit cryptographic strength,” the Wi-Fi Alliance says, making it more suitable for transmission of sensitive data. WPA2 today uses 128-bit encryption, so WPA3 is a significant step up. In theory, a brute force attack to crack a code would require an attacker to extract the correct code from 2 to the power of 192 combinations.
Qualcomm said in May of this year that their full portfolio of client and infrastructure-side Wi-Fi devices will support WPA3 in particular citing the need for third-generation security protocols to protect against future attacks exemplified by the KRACK vulnerability discovered in 2016.
The Wi-Fi Alliance is also taking solid aim at the issue of securing ‘headless’ devices meaning devices with limited or no displays at all. As the reality of IoT draws closer, the industry of course expects a preponderance of such device types . The program is called ‘Wi-Fi CERTIFIED Easy Connect’ and uses a smartphones and QR-codes to securely connect headless Wi-Fi clients.
The Wi-Fi Alliance also points out that while the world transitions to WPA3, legacy WPA2-only devices will of course continue to interoperate as always.