WPA3 will improve your Wi-Fi security, if your router supports it

Posted:
in General Discussion
The Wi-Fi Alliance has started to certify wireless devices for WPA3, a new security protocol replacing the aging WPA2, with it boasting enhanced authentication and encryption measures to protect both consumer and enterprise networks from unauthorized access.




WPA3 makes behind-the-scenes changes not immediately visible to users to how devices connect to each other, specifically to make it as hard as possible for an attacker to access the network. Even if users create passwords for a Wi-Fi network that are considered to be weak, WPA3 has other elements that increases the difficulty.

There are two variants of WPA3 protection, named WPA3-Personal and WPA3-Enterprise, which offer slightly different levels of protection.

WPA3-Personal uses Simultaneous Authentication of Equals (SAE), a secure key establishment protocol that forces devices to communicate with a hotspot or another device before attempting to use a network password. This effectively shuts down one security hole under earlier WPA versions where an attacker could perform dictionary-based attacks against collected data packets away from the network.

The Enterprise version adds 192-bit encryption to transmit data, making it harder for attackers to decrypt data packets in a short period of time.

The commencement of certification for WPA3 does not mean it will be immediately available to users, nor make their current networking equipment obsolete. While it will slowly roll out in new products, it isn't currently a mandatory technology to use, but this status will change as adoption grows.

WPA2 compatibility is still required for all Wi-Fi certified devices, meaning hardware with WPA3 onboard will continue to work with current Wi-Fi networks without issue. While Apple's main product lines will most likely include support in the future, it is doubtful the same can be said to the AirPort, which Apple discontinued in April.

"WPA3 takes the lead in providing the industry's strongest protections in the ever-changing security landscape," said Wi-Fi Alliance President and CEO Edgar Figueroa. "WPA3 continues the evolution of Wi-Fi security and maintains the brand promise of Wi-Fi Protected Access."

The certification of WPA3 arrives eight months after the discovery of a major vulnerability in WPA2, known as a Key Reinstallation Attack (KRACK), which affected Apple devices and other hardware. The vulnerability prompted the Wi-Fi Alliance to adopt new testing enhancements to refine WPA2, as well as revealing the development of WPA3.

At the same time as Tuesday's announcement, the Wi-Fi Alliance introduced Wi-Fi Certified Easy Connect, a program to reduce the complexity of onboarding Wi-Fi devices with limited or no display interface at all. Aimed at Internet of Things hardware and similar items, Easy Connect will enable such devices to connect to a network by using another device, like a smartphone, to scan a QR code.
Alex1N
«1

Comments

  • Reply 1 of 23
    danielchowdanielchow Posts: 117member
    This was probably why Apple is discontinuing their current hardware because it’d be a waste of resources to keep manufacturing the Airports when a new hardware standard is going to come out (?)
    williamlondonAlex1N
  • Reply 2 of 23
    I'm highly excited hearing about WiFi Certified Easy Connect. I hope it can solve the Internet of Thing's security problems when connecting to WiFi home networks which represents a major attack vector in home networks
    jony0Alex1N
  • Reply 3 of 23
    This was probably why Apple is discontinuing their current hardware because it’d be a waste of resources to keep manufacturing the Airports when a new hardware standard is going to come out (?)
    WPA3 can be easily implemented in todays WPA2 compatible systems since it is based on the same hardware acceleration for the cryptography happening under the hood.
    netmageaylkjony0williamlondonAlex1Ndysamoriapakitt
  • Reply 4 of 23
    GG1GG1 Posts: 218member
    This was probably why Apple is discontinuing their current hardware because it’d be a waste of resources to keep manufacturing the Airports when a new hardware standard is going to come out (?)
    WPA3 can be easily implemented in todays WPA2 compatible systems since it is based on the same hardware acceleration for the cryptography happening under the hood.
    So theoretically Apple can push out a software update to its old hardware to support WPA3? I'm still using my rock-solid Time Capsule.
    aylkwilliamlondonAlex1N
  • Reply 5 of 23
    melgrossmelgross Posts: 31,361member
    This was probably why Apple is discontinuing their current hardware because it’d be a waste of resources to keep manufacturing the Airports when a new hardware standard is going to come out (?)
    It’s not a new hardware standard. This is software. If Apple really wanted to, it’s very possible that they could implement this on their devices, but not definitely.
    netmageaylkjony0Alex1Ndysamoria
  • Reply 6 of 23
    gatorguygatorguy Posts: 19,985member
    This was probably why Apple is discontinuing their current hardware because it’d be a waste of resources to keep manufacturing the Airports when a new hardware standard is going to come out (?)
    It can be added to existing hardware via a software update if the router vendor chooses to. 

    EDIT: Answered by Prismatics :)
    edited June 2018 Alex1N
  • Reply 7 of 23
    I'm going to predict that this article is wrong, and that Apple will indeed provide a software update with WPA3 for at least the more recent Airport models, even though it does not have to.
    williamlondonAlex1N
  • Reply 8 of 23
    Mike WuertheleMike Wuerthele Posts: 4,184administrator
    I'm going to predict that this article is wrong, and that Apple will indeed provide a software update with WPA3 for at least the more recent Airport models, even though it does not have to.
    It would be good. Based on what we're hearing, I can't place the odds at any better than 30 for, 70 against.
    williamlondonAlex1N
  • Reply 9 of 23
    ttollertonttollerton Posts: 167member
    I’m curious whether some modern hardware (such as eero or Google Home) can be flash updated to support WPA3, or if this requires specific hardware certification. 
  • Reply 10 of 23
    SoliSoli Posts: 8,533member
    Between 802.11ax and WPA3 I hope that Apple is just waiting before they launch a quality mesh router system. I'd also like to see an option (from anyone) to plug in an iPhone for a backup cellular connection from the router, as well as VPN from the router itself, but I'm not holding my breath.
    cornchipAlex1N
  • Reply 11 of 23
    Hmmm... Will moving to WPA3 on an access point render a hubless, Homekit-compatible device obsolete, unless either a) the less-secure WPA2 is somehow supported in parallel or b) the HomeKit device supports a WPA3 firmware update?  While I say HomeKit, I'm implying any Wi-Fi device in a home or office.  Modern APs don't support WEP anymore.  That makes very old Wi-Fi laptops and smartphones, which can't do WPA, obsolete.  While a laptop is 'expected' to go obsolete within 4-7 years, would a Wi-Fi garage door opener, light switch, outlet, fan, heater, sensor, camera, etc., bought just before WPA3 gets adopted (in the name of security) experience a dramatic obsolescence event?
    Alex1N
  • Reply 12 of 23
    SoliSoli Posts: 8,533member
    techrider said:
    Hmmm... Will moving to WPA3 on an access point render a hubless, Homekit-compatible device obsolete, unless either a) the less-secure WPA2 is somehow supported in parallel or b) the HomeKit device supports a WPA3 firmware update?  While I say HomeKit, I'm implying any Wi-Fi device in a home or office.  Modern APs don't support WEP anymore.  That makes very old Wi-Fi laptops and smartphones, which can't do WPA, obsolete.  While a laptop is 'expected' to go obsolete within 4-7 years, would a Wi-Fi garage door opener, light switch, outlet, fan, heater, sensor, camera, etc., bought just before WPA3 gets adopted (in the name of security) experience a dramatic obsolescence event?
    Being backwards compatible with WPA2 I don't think it would be an issue. 
    Alex1N
  • Reply 13 of 23
    gatorguygatorguy Posts: 19,985member
    I’m curious whether some modern hardware (such as eero or Google Home) can be flash updated to support WPA3, or if this requires specific hardware certification. 
    Word is that it can be. 
    Alex1N
  • Reply 14 of 23
    SoliSoli Posts: 8,533member
    gatorguy said:
    I’m curious whether some modern hardware (such as eero or Google Home) can be flash updated to support WPA3, or if this requires specific hardware certification. 
    Word is that it can be. 
    Hopefully Eero doesn't charge you for it. I've had great experience with their product but I see they have an in-app purchase to get more features, but I haven't looked into what that actually offers. If Eero (and others) want to charge for improved security I'll be disappointed in them as a company, but maybe I shouldn't if they've never accounted for this eventual cost in the device's sale. Remember when Apple charged $1.99(?) for getting 802.11n flash to a NIC?
    Alex1N
  • Reply 15 of 23
    tallest skiltallest skil Posts: 43,399member
    Soli said:
    Between 802.11ax and WPA3 I hope that Apple is just waiting before they launch a quality mesh router system. I'd also like to see an option (from anyone) to plug in an iPhone for a backup cellular connection from the router, as well as VPN from the router itself, but I'm not holding my breath.
    Can Apple even be looked to for consistent behavior anymore? If so, we can determine that they have no intention of caring about that at all. They’ve discontinued their routers, but if they were going to make a new one, why would they do that? Wouldn’t they keep selling the old ones? It’s not like a Mac Mini, where hardware actually matters. They could just keep selling them and people would buy them. For example, they haven’t “discontinued” the Mac Pro, despite refusing to update it for 5 years. And they’ve also said they’re making a new one, so wouldn’t they have “discontinued” the current one while we “wait” for the new one (if we’re assuming new routers are coming)? And they have discontinued their displays, but supposedly they are making a new one?

    My overarching question is “Where’s the Apple ecosystem anymore?”
    Alex1Ndysamoria
  • Reply 16 of 23
    gatorguygatorguy Posts: 19,985member
    Soli said:
    gatorguy said:
    I’m curious whether some modern hardware (such as eero or Google Home) can be flash updated to support WPA3, or if this requires specific hardware certification. 
    Word is that it can be. 
    Hopefully Eero doesn't charge you for it. I've had great experience with their product but I see they have an in-app purchase to get more features, but I haven't looked into what that actually offers. If Eero (and others) want to charge for improved security I'll be disappointed in them as a company, but maybe I shouldn't if they've never accounted for this eventual cost in the device's sale. Remember when Apple charged $1.99(?) for getting 802.11n flash to a NIC?
    I thought they originally wanted even more than that, maybe $4.99? I doubt that will ever get repeated. 

    Personally I can't see Google WiFi requiring an "upgrade fee" for WPA3 which should help serve to keep the other players in line too. 

    EDIT: You're correct, I had missed reading that. Eero is trying to suck a bit more from the buyers, pushing a subscription model and supposedly making that a requirement on new models? I can't see that going over well. 

    EDIT2: No that's Plume making a subscription the only option for their mesh routers. Eero is just strongly suggesting it.... for now. 
    $99 a year for Eero Plus gets you "content filtering, malicious site blocking, and subscriptions to other security products, like 1Password and a VPN".
    edited June 2018 Alex1N
  • Reply 17 of 23
    melgrossmelgross Posts: 31,361member
    Soli said:
    Between 802.11ax and WPA3 I hope that Apple is just waiting before they launch a quality mesh router system. I'd also like to see an option (from anyone) to plug in an iPhone for a backup cellular connection from the router, as well as VPN from the router itself, but I'm not holding my breath.
    Can Apple even be looked to for consistent behavior anymore? If so, we can determine that they have no intention of caring about that at all. They’ve discontinued their routers, but if they were going to make a new one, why would they do that? Wouldn’t they keep selling the old ones? It’s not like a Mac Mini, where hardware actually matters. They could just keep selling them and people would buy them. For example, they haven’t “discontinued” the Mac Pro, despite refusing to update it for 5 years. And they’ve also said they’re making a new one, so wouldn’t they have “discontinued” the current one while we “wait” for the new one (if we’re assuming new routers are coming)? And they have discontinued their displays, but supposedly they are making a new one?

    My overarching question is “Where’s the Apple ecosystem anymore?”
    Who knows what their thoughts are? Apparently they disbursed the network group that did routers. Possibly that includes software engineers.
    Alex1N
  • Reply 18 of 23
    melgrossmelgross Posts: 31,361member
    gatorguy said:
    Soli said:
    gatorguy said:
    I’m curious whether some modern hardware (such as eero or Google Home) can be flash updated to support WPA3, or if this requires specific hardware certification. 
    Word is that it can be. 
    Hopefully Eero doesn't charge you for it. I've had great experience with their product but I see they have an in-app purchase to get more features, but I haven't looked into what that actually offers. If Eero (and others) want to charge for improved security I'll be disappointed in them as a company, but maybe I shouldn't if they've never accounted for this eventual cost in the device's sale. Remember when Apple charged $1.99(?) for getting 802.11n flash to a NIC?
    I thought they originally wanted even more than that, maybe $4.99? I doubt that will ever get repeated. 

    Personally I can't see Google WiFi requiring an "upgrade fee" for WPA3 which should help serve to keep the other players in line too. 

    EDIT: You're correct, I had missed reading that. Eero is trying to suck a bit more from the buyers, pushing a subscription model and supposedly making that a requirement on new models? I can't see that going over well. 

    EDIT2: No that's Plume making a subscription the only option for their mesh routers. Eero is just strongly suggesting it.... for now. 
    $99 a year for Eero Plus gets you "content filtering, malicious site blocking, and subscriptions to other security products, like 1Password and a VPN".
    Ugh! Why would I want that? There’s nothing there that isn’t already being done by other software, or by safari.
    Alex1N
  • Reply 19 of 23
    SoliSoli Posts: 8,533member
    melgross said:
    gatorguy said:
    Soli said:
    gatorguy said:
    I’m curious whether some modern hardware (such as eero or Google Home) can be flash updated to support WPA3, or if this requires specific hardware certification. 
    Word is that it can be. 
    Hopefully Eero doesn't charge you for it. I've had great experience with their product but I see they have an in-app purchase to get more features, but I haven't looked into what that actually offers. If Eero (and others) want to charge for improved security I'll be disappointed in them as a company, but maybe I shouldn't if they've never accounted for this eventual cost in the device's sale. Remember when Apple charged $1.99(?) for getting 802.11n flash to a NIC?
    I thought they originally wanted even more than that, maybe $4.99? I doubt that will ever get repeated. 

    Personally I can't see Google WiFi requiring an "upgrade fee" for WPA3 which should help serve to keep the other players in line too. 

    EDIT: You're correct, I had missed reading that. Eero is trying to suck a bit more from the buyers, pushing a subscription model and supposedly making that a requirement on new models? I can't see that going over well. 

    EDIT2: No that's Plume making a subscription the only option for their mesh routers. Eero is just strongly suggesting it.... for now. 
    $99 a year for Eero Plus gets you "content filtering, malicious site blocking, and subscriptions to other security products, like 1Password and a VPN".
    Ugh! Why would I want that? There’s nothing there that isn’t already being done by other software, or by safari.
    I’d like VPN on my home router, not each device.
    Alex1N
  • Reply 20 of 23
    melgrossmelgross Posts: 31,361member
    Soli said:
    melgross said:
    gatorguy said:
    Soli said:
    gatorguy said:
    I’m curious whether some modern hardware (such as eero or Google Home) can be flash updated to support WPA3, or if this requires specific hardware certification. 
    Word is that it can be. 
    Hopefully Eero doesn't charge you for it. I've had great experience with their product but I see they have an in-app purchase to get more features, but I haven't looked into what that actually offers. If Eero (and others) want to charge for improved security I'll be disappointed in them as a company, but maybe I shouldn't if they've never accounted for this eventual cost in the device's sale. Remember when Apple charged $1.99(?) for getting 802.11n flash to a NIC?
    I thought they originally wanted even more than that, maybe $4.99? I doubt that will ever get repeated. 

    Personally I can't see Google WiFi requiring an "upgrade fee" for WPA3 which should help serve to keep the other players in line too. 

    EDIT: You're correct, I had missed reading that. Eero is trying to suck a bit more from the buyers, pushing a subscription model and supposedly making that a requirement on new models? I can't see that going over well. 

    EDIT2: No that's Plume making a subscription the only option for their mesh routers. Eero is just strongly suggesting it.... for now. 
    $99 a year for Eero Plus gets you "content filtering, malicious site blocking, and subscriptions to other security products, like 1Password and a VPN".
    Ugh! Why would I want that? There’s nothing there that isn’t already being done by other software, or by safari.
    I’d like VPN on my home router, not each device.
    Very slow, and, as it turns out, very likely not as secure as you think.
    Alex1N
Sign In or Register to comment.