Securing your Wi-Fi connections is an important element of securing your personal data. A Wi-Fi network using WPA2™ provides both security (you can control who connects) and privacy (the transmissions cannot be read by others) for communications as they travel across your network. For maximum security, your network should include only devices with the latest in security technology – Wi-Fi Protected Access® 2 (WPA2). Wi-Fi CERTIFIED™ devices implement WPA2.
Most Wi-Fi equipment is shipped with security disabled to make it very easy to set up your network. Most access points, routers, and gateways are shipped with a default network name (SSID), and administrative credentials (username and password) to make configuration as simple as possible. These default settings should be changed as soon as you set up your network.
It’s also important to consider employing other measures to secure your communications after they travel beyond your Wi-Fi network. Tools like personal firewalls, Virtual Private Networks (VPNs) and HTTPS can help reduce the risk of compromised privacy and security for internet traffic.
Security made easy: Wi-Fi Protected Setup™
Wi-Fi Protected Setup is an optional feature that simplifies and standardizes the process of configuring and securing a Wi-Fi network. It configures the network name (SSID) and WPA2 security for the gateway and client devices on a network and makes adding a new device to your network as easy as pushing a button or entering a personal information number (PIN). Products certified for Wi-Fi Protected Setup are available at major electronics retailers and display this identifier mark on their packaging.
Securing a new network
- Change the network name (SSID) from the default name
- Change the administrative credentials (username and password) that control the configuration settings of your Access Point/Router/Gateway
- Enable WPA2-Personal (aka WPA2-PSK) with AES encryption
- Create a network passphrase that meets recommended guidelines
- Enable WPA2 security features on your client device and enter the passphrase for your network
Checking security on an existing network
When you add a new device to your Wi-Fi network, it’s a great time to make sure you’re taking advantage of the highest level of security. Take the opportunity to ensure your network is configured for WPA2.
If your network was set up some time ago, or a service provider (e.g consultant or cable provider) configured your home network, it may be worth checking that it’s configured for the highest level of security. If your network is configured for an older generation of security (WEP or WPA) the Wi-Fi Alliance recommends you move to WPA2. WPA2 has been required on all Wi-Fi CERTIFIED products since 2006 – the vast majority of Wi-Fi CERTIFIED devices in service today are capable of WPA2.
Passphrase quality & lifespan
A secure network passphrase greatly enhances network security, so it is important to select an effective passphrase. In general, increasing length, complexity and randomness all improve the quality of a passphrase. Wi-Fi Alliance recommends that a passphrase is at least eight characters long, and includes a mixture of upper and lower case letters and symbols. A passphrase should not contain a word found in a dictionary and should not include personal information (identification number, name, address, etc).
Periodically changing the passphrase on your network also increases security.
Once users have experienced the convenience and freedom of working wirelessly, they want to take their Wi-Fi devices on the road. Here are some tips for securing your Wi-Fi devices when using them away from your home network.
- Enable WPA2 security: All of your Wi-Fi client devices (laptops, handsets, and other Wi-Fi enabled products) should use WPA2.
- Configure to approve new connections: Many devices are set by default to sense and automatically connect to any available wireless signal. Configuring your client device to request approval before connecting gives you greater control over your connections.
- Disable sharing: Your Wi-Fi-enabled devices may automatically enable themselves to sharing / connecting with other devices when attaching to a wireless network. File and printer sharing may be common in business and home networks, but you should avoid this in a public network such as a hotel, restaurant, or airport hotspot.
|Wi-Fi CERTIFIED Wi-Fi Protected Setup™增加NFC即按即連功能，簡化具有安全保護的Wi-Fi®設備與網絡設置|
|Wi-Fi kicks off 2018 with a security boost|
|Wi-Fi Alliance Launches WPA2 Enhancements and Debuts WPA3|
|Your local public Wi-Fi network may be a whole lot safer soon|
- What does “security” mean in the context of Wi-Fi?
In the context of Wi-Fi technology, security means two things. First, controlling who can connect to and configure your network and equipment. Second, it means securing the data travelling wirelessly across your Wi-Fi network from unauthorized view.
Wi-Fi security is just one aspect of security for networks. A protected Wi-Fi network is a great start, but you should also consider measures to protect your computer (virus software, firewall, etc.) and your communications across the Internet (virtual private network (VPN), etc.)
- What is a passphrase?
The term passphrase refers to a single string of characters that the user enters into all their Wi-Fi devices on the same network.
With WPA2-Personal, using a passphrase is equivalent to using security doors with metal keys. All users use the same key. Changing the passphrase for the network requires changing the passphrase for all devices.
WPA2-Enterprise is the equivalent to using security doors with electronic card keys. Each user has an individual card key. It is possible to change each user's card key or revoke their card key without disturbing the other users.
- What is the KRACK attack?
This term refers to a potential key reinstallation vulnerability detected in late 2017. Wi-Fi Alliance took steps immediately to ensure users can continue to count on Wi-Fi to deliver strong security protections. For more information on this issue view our security update.
- What are Protected Management Frames?
Wi-Fi CERTIFIED WPA2 with Protected Management Frames provides WPA2 protection for unicast and multicast management action frames. Unicast management action frames are protected from both eavesdropping and forging, and multicast management action frames are protected from forging. WPA2 with Protected Management Frames augments WPA2 privacy protections already in place for data frames with mechanisms to improve the resiliency of mission-critical networks.
- Does WPA2 have session keys?
WPA2 creates fresh session keys on every association. The benefit is that the encryption keys used for each client on the network are unique and specific to that client. Ultimately, every packet sent over the air is encrypted with a unique key. The ability to avoid key reuse and provide unique, fresh encryption keys is a basic tenet of good security practice and is why WPA2 offers such good security.
- What security measures should I take when working away from my home?
Configure Wi-Fi client devices (laptops, handsets, and other Wi-Fi enabled products) to enable security protections.
Configure for approved connections: Many devices are set by default to sense and automatically connect to any available wireless signal. Wi-Fi Alliance recommends that you configure your device to not automatically connect to an open network without your approval.
Disable sharing: Wi-Fi enabled devices may automatically enable themselves to sharing / connecting with other devices when attaching to a wireless network. File and printer sharing may be common in business and home networks, but this should be avoided in a public network such as a hotel, restaurant, or airport hotspot
Users may also wish to use complementary security measures to improve the security of their activity over the internet including virtual private networks (VPNs), firewalls, etc.
- Are Wi-Fi CERTIFIED products protected by security?
Yes. All Wi-Fi CERTIFIED products are tested for the latest generation of Wi-Fi security: Wi-Fi Protected Access® (WPA2™) The only way to be sure that a product meets these standards is to purchase only Wi-Fi CERTIFIED products.