Wi-Fi Alliance Begins Certifying Next-Generation WPA3 Security Protocol

The Wi-Fi Alliance has officially started certifying WPA3, the next-generation security standard for wireless networking devices (via Engadget). The new protocol addresses a number of potential vulnerabilities that exist in WPA2 for both personal and enterprise networking environments.


Amongst the enhancements, WPA3-Personal includes a more robust password-based authentication system that reduces the chances of a hacker guessing your password, individualized data encryption to protect against Wi-Fi eavesdropping, and the ability to protect data traffic even if a password is compromised after the data was transmitted.

On the enterprise side, WPA3 also offers an optional mode using 192-bit minimum-strength security protocols, as well as cryptographic tools to better protect sensitive data.

WPA3 also includes new quick-setup options for smart home devices through Easy Connect, a smartphone-based feature for users to set up wireless devices that lack displays.

Support for WPA3 must be built into devices for the protocol to be enabled, so it won't start coming into general use for a while yet. The good news is that WPA3 will retain interoperability with WPA2 devices, so there won't be a need to update every device on the same network.

The Wi-Fi Alliance expects WPA3 certification to increase over the next year, and as adoption grows, the protocol should eventually become a market requirement for all Wi-Fi certified devices.


Top Rated Comments

(View all)
Avatar
25 weeks ago
Is there any likelihood of new firmware - incorporating WPA3 - being provided for legacy AirPort devices?
Rating: 3 Votes
Avatar
25 weeks ago
Good news
And please school WiFi routers manufacturers about their default Admin / Admin :p
Rating: 3 Votes
Avatar
25 weeks ago
Requiring hardware support. Naturally that’ll mean new dongles for Computers that will probably be practically brand new at ratification.

And obsoleting phones that are only months old.

New routers.

Granted it says it’ll permit older devices to connect. But if you want to use the new security protocol, there’s going to be a huge burst of e-waste.

They should work on a firmware update option.
Rating: 2 Votes
Avatar
25 weeks ago

Good news
And please school WiFi routers manufacturers about their default Admin / Admin :p

Actually, that's not the problem as I don't want to search for some random login if I want to reset and re-setup a wifi router.
What should be enforced are forcing the users to change the default admin password once the router is configured. Companies can simply add this steps in the set up process.
[doublepost=1530014519][/doublepost]

Requiring hardware support. Naturally that’ll mean new dongles for Computers that will probably be practically brand new at ratification.

And obsoleting phones that are only months old.

New routers.

Granted it says it’ll permit older devices to connect. But if you want to use the new security protocol, there’s going to be a huge burst of e-waste.

They should work on a firmware update option.

How is this making phones obsolete? It is backward compatible, so one can slowly migrate their hardware to the new standard.

Today, there are plenty of people still using simple 801.11g routers, and plenty of devices only support 2.4GHz wifi. 802.11ac doesn't automatically make those obsolete. Neither will WPA3.
Rating: 2 Votes
Avatar
25 weeks ago

Requiring hardware support. Naturally that’ll mean new dongles for Computers that will probably be practically brand new at ratification.

And obsoleting phones that are only months old.

New routers.

Granted it says it’ll permit older devices to connect. But if you want to use the new security protocol, there’s going to be a huge burst of e-waste.

They should work on a firmware update option.


It's a protocol/encryption/hashing change, not a different band of the spectrum. Biggest hardware changes will be seen at the enterprise level. Personal hardware will see smaller changes until the new wireless standard comes out (see 802.11ax), coupled together will be great improvement to security but are two totally separate things.
Rating: 1 Votes
Avatar
25 weeks ago

Good news
And please school WiFi routers manufacturers about their default Admin / Admin :p

Don’t think this will ever change :rolleyes:
Rating: 1 Votes
Avatar
25 weeks ago

Last time I read about WPA3 they said it would be a firmware update, this is just BS on their part, "they" want $$$$

Router manufacturers can update their firmware to support WPA3. They just have to have the device certified before they can release the update. This MR article is poorly written as it implies it requires new hardware.
Rating: 1 Votes
Avatar
25 weeks ago
The ‘WiFi Alliance’ is still a scummy organization. The specs they oversee need to be public/open source (e.g. TLS), so security researchersand academia can pound on their proposed standards. Instead, we’re left with a kludge-y standard where both the previous generations have been shown to have major security flaws. If WiFi was open like TLS is, the security of WPA3 would’ve been in place in WPA2...

But moving these standards into the open would mean the WiFi alliance would lose their cash cow: any WiFi device has to pay them to be tested, and you can’t even sell a product without paying them to use the phrase ‘Wifi’!
Rating: 1 Votes
Avatar
25 weeks ago
Nice to see these guys pushing along a stronger standard.
Rating: 1 Votes
Avatar
25 weeks ago
I wonder if they'll start allowing encryption without using a passphrase. This would be useful in cases where you want to have an open network (like at a coffee shop) but don't want people to have to use a password to log in. Not having to worry about people sniffing your unencrypted traffic at Starbucks would be nice.
Rating: 1 Votes
[ Read All Comments ]