Securing your wireless network

Wi-Fi protected access (WPA)

Guide

The early wireless local area network (WLAN) security methods were not very robust. Wired equivalent privacy (WEP) devices have particularly been prone to hacking.

As a result, the Wi-Fi Alliance, which represents most suppliers of wireless hardware, has produced better security protocols called Wi-Fi protected access (WPA) and its successors, WPA2 and WPA3.

What is Wi-Fi protected access?

Wi-Fi protected access uses different methods of encryption that are stronger and better designed than WEP. You can select products that use Wi-Fi protected access by looking for 'Wi-Fi WPA' in their specifications. Products that comply with WPA will work together - a critically important requirement.

Wi-Fi protected access can operate in two modes:

  • Personal mode - uses a pre-shared password or pass phrase for authentication. This simple approach makes sure a computer can only get access to the WLAN if the password matches the access point's password.
  • Enterprise mode - uses a more sophisticated method of encryption better suited to larger organisations that need stronger protection.

WPA3 is the third and current generation of the WPA security. It retains interoperability with WPA2 devices, but offers greater protection for simple passwords, individualised encryption for personal and open networks, and even more secure encryption for enterprise networks.

Find out more about WPA3.

Which Wi-Fi protected access is the best?

WPA is now fairly out of date and can make wireless networks vulnerable to outside threats. If you have a router or a wireless access point which supports WPA, you should consider replacing it with a newer device compatible with WPA2 or WPA3.

WPA2 replaced WPA in 2004 and is now widely deployed in the enterprise space. Whilst generally safer than WPA, WPA2 is known to be vulnerable to key reinstallation attacks (KRACK) which can be exploited for the purposes of stealing data transmitted over networks.

WPA3 addresses WPA2's KRACK vulnerability with more stringent security and encryption methods. As the most up-to-date wireless encryption protocol, it is generally considered by experts to be the most secure. In practice, however, even WPA3 is not impervious to threats. You should mitigate them via regular software upgrades, including patches to your operating systems.

Keep in mind that wireless hardware manufacturers often supply their products with the security settings turned off. Make sure that you set the device up properly before using it. See 10 tips for better wireless network security.