Wi-Fi® is an integral part of daily life. Billions of people the world over depend on Wi-Fi in their homes and businesses, to shop, bank, coordinate life, and stay connected. Securing Wi-Fi connections is an important element of securing personal data, and Wi-Fi Alliance® has been on the forefront of evolving Wi-Fi security as the number of Wi-Fi devices in use worldwide has grown.
Since 2003, Wi-Fi Alliance has enabled individuals and businesses to increase the protection of information moving across Wi-Fi networks through the Wi-Fi Protected Access® family of technologies. Security features of Wi-Fi Protected Access constantly evolve to include stronger protections and new security practices as the security landscape changes.
The Wi-Fi Protected Access security family includes solutions for personal and enterprise networks.
Wi-Fi CERTIFIED WPA2™
Wi-Fi networks using WPA2™, the trusted security technology for more than a decade, provide security to control who connects to the network and privacy to ensure transmissions across the Wi-Fi network cannot be read by others. Since 2006, all Wi-Fi CERTIFIED™ devices implement WPA2.
The WPA2 certification program continually evolves to meet security needs as the security environment changes. In 2018, Wi-Fi Alliance will augment existing security protections for networks through these configuration, authentication, and encryption enhancements:
- Mandatory use of Protected Management Frames, available in all current generation Wi-Fi CERTIFIED devices, maintains the resiliency of mission-critical networks
- Enhanced validation of vendor security implementations reduces the potential for vulnerabilities due to network misconfiguration and further safeguards managed networks with centralized authentication services
- Better consistency in network security configuration through standardized cryptographic suites for discrete security levels starting at 128-bit security
WPA2 will continue to evolve to meet the highest standards for interoperability and security in all Wi-Fi CERTIFIED devices.
Wi-Fi CERTIFIED WPA3™
Also coming in 2018, WPA3™ will build on the success of WPA2 with new capabilities to simplify Wi-Fi security configuration and enhance Wi-Fi security protections in personal and enterprise networks.
- More resilient password-based authentication even when users choose passwords that fall short of typical complexity recommendations
- Simplified, secure configuration and onboarding for devices with limited or no display interface
- Improved data privacy in open networks with users receiving individualized data encryption
- Stronger, 192-bit cryptographic strength suitable for government, defense, and other security sensitive environments aligned with the Commercial National Security Algorithm (CNSA) Suite
WPA2 will continue to be deployed in Wi-Fi CERTIFIED devices for the foreseeable future, and all devices supporting WPA3 will continue to work with WPA2 devices. More on WPA3 security will be revealed later in 2018.
- What does “security” mean in the context of Wi-Fi?
In the context of Wi-Fi technology, security means two things. First, it means controlling who can connect to and configure your network and equipment. Second, it means securing the data travelling wirelessly across your Wi-Fi network from unauthorized view.
Wi-Fi security is just one aspect of security for networks. A protected Wi-Fi network is a great start, but you should also consider measures to protect your computer (antivirus software, firewall, etc.) and your communications across the Internet (virtual private network (VPN), etc.).
- What is a passphrase?
The term passphrase refers to a single string of characters that the user enters into all their Wi-Fi devices on the same network.
With WPA2-Personal, using a passphrase is equivalent to using security doors with metal keys. All users use the same key. Changing the passphrase for the network requires changing the passphrase for all devices.
WPA2-Enterprise is equivalent to using security doors with electronic card keys. Each user has an individual card key. It is possible to change each user's card key or revoke their card key without disturbing the other users.
- What is the KRACK attack?
This term refers to a potential key reinstallation vulnerability detected in late 2017. Wi-Fi Alliance took steps immediately to ensure users can continue to count on Wi-Fi to deliver strong security protections. For more information on this issue, view our security update.
- What are Protected Management Frames?
Wi-Fi CERTIFIED WPA2 with Protected Management Frames provides WPA2 protection for unicast and multicast management action frames. Unicast management action frames are protected from both eavesdropping and forging, and multicast management action frames are protected from forging. WPA2 with Protected Management Frames augments WPA2 privacy protections already in place for data frames with mechanisms to improve the resiliency of mission-critical networks.
- Does WPA2 have session keys?
WPA2 creates fresh session keys on every association. The benefit is that the encryption keys used for each client on the network are unique and specific to that client. Ultimately, every packet sent over the air is encrypted with a unique key. The ability to avoid key reuse and provide unique, fresh encryption keys is a basic tenet of good security practice and is why WPA2 offers such good security.
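As an added illustration (not Wi-Fi Alliance code), the Python sketch below follows the IEEE 802.11 key hierarchy for WPA2-Personal with CCMP. It shows why the passphrase yields one shared master key for the whole network while each association still gets its own session keys. The MAC addresses and nonces are constructed sample values; the passphrase "password" with SSID "IEEE" is the PSK test vector published in IEEE 802.11i.

```python
import hashlib
import hmac

def pmk_from_passphrase(passphrase: str, ssid: str) -> bytes:
    """Pairwise Master Key: PBKDF2-HMAC-SHA1, SSID as salt, 4096 rounds, 256 bits."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)

def prf(key: bytes, label: bytes, data: bytes, nbytes: int) -> bytes:
    """IEEE 802.11 PRF: concatenation of HMAC-SHA1(key, label || 0x00 || data || i)."""
    out, counter = b"", 0
    while len(out) < nbytes:
        block = label + b"\x00" + data + bytes([counter])
        out += hmac.new(key, block, hashlib.sha1).digest()
        counter += 1
    return out[:nbytes]

def derive_ptk(pmk: bytes, ap_mac: bytes, sta_mac: bytes,
               anonce: bytes, snonce: bytes) -> dict:
    """Pairwise Transient Key for CCMP (384 bits), split into its three parts."""
    data = (min(ap_mac, sta_mac) + max(ap_mac, sta_mac)
            + min(anonce, snonce) + max(anonce, snonce))
    ptk = prf(pmk, b"Pairwise key expansion", data, 48)
    return {"kck": ptk[:16],    # key confirmation key (handshake integrity)
            "kek": ptk[16:32],  # key encryption key (group key delivery)
            "tk": ptk[32:48]}   # temporal key that protects data frames

def sample_nonce(tag: str) -> bytes:
    """Constructed 32-byte nonce so the example is reproducible.
    Real devices generate a fresh random nonce for every 4-way handshake."""
    return hashlib.sha256(tag.encode()).digest()

# Constructed sample values (locally administered MAC addresses).
AP_MAC = bytes.fromhex("020000000001")
STA_MAC = bytes.fromhex("020000000002")
PMK = pmk_from_passphrase("password", "IEEE")

def two_associations() -> tuple:
    """Same passphrase, same devices, two associations with different nonces."""
    first = derive_ptk(PMK, AP_MAC, STA_MAC, sample_nonce("a1"), sample_nonce("s1"))
    second = derive_ptk(PMK, AP_MAC, STA_MAC, sample_nonce("a2"), sample_nonce("s2"))
    return first, second

if __name__ == "__main__":
    first, second = two_associations()
    print("PMK (shared by every device):", PMK.hex())
    print("TK, association 1:", first["tk"].hex())
    print("TK, association 2:", second["tk"].hex())
```

The PMK depends only on the passphrase and SSID, which is why changing the passphrase means reconfiguring every device, whereas the temporal key changes whenever either nonce changes.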
- What security measures should I take when working away from my home?
Configure Wi-Fi client devices (laptops, handsets, and other Wi-Fi enabled products) to enable security protections.
Configure for approved connections: Many devices are set by default to sense and automatically connect to any available wireless signal. Wi-Fi Alliance recommends that you configure your device to not automatically connect to an open network without your approval.
Disable sharing: Wi-Fi enabled devices may automatically enable sharing or connecting with other devices when attaching to a wireless network. File and printer sharing may be common in business and home networks, but this should be avoided in a public network such as a hotel, restaurant, or airport hotspot.
Users may also wish to use complementary security measures to improve the security of their activity over the internet including virtual private networks (VPNs), firewalls, etc.
- Are Wi-Fi CERTIFIED products protected by security?
Yes. All Wi-Fi CERTIFIED products are tested for the latest generation of Wi-Fi security: Wi-Fi Protected Access® (WPA2™). The only way to be sure that a product meets these standards is to purchase only Wi-Fi CERTIFIED products.