WEP, WPA, WPA2 and WPA3: Differences and explanation
Wireless security is a crucial aspect of staying safe online. Connecting to the internet over insecure links or networks is a security risk that could potentially lead to data loss, leaked account credentials, and the installation of malware on your network. Using the proper Wi-Fi security measures is critical – but in doing so, it’s important to understand the differences between different wireless encryption standards, including WEP, WPA, WPA2, and WPA3.
Wi-Fi Protected Access (WPA) is a security standard for computing devices with wireless internet connections. It was developed by the Wi-Fi Alliance to provide better data encryption and user authentication than Wired Equivalent Privacy (WEP), which was the original Wi-Fi security standard. Since the late 1990s, Wi-Fi security types have gone through multiple evolutions to improve them.
What is WEP?
Since wireless networks transmit data through radio waves, data can be easily intercepted unless security measures are in place. Introduced in 1997, Wired Equivalent Privacy (WEP) was the first attempt at wireless protection. The aim was to add security to wireless networks by encrypting data. If wireless data were intercepted, it would be unrecognizable to the interceptors since it had been encrypted. However, systems that are authorized on the network would be able to recognize and decrypt the data. This is because devices on the network make use of the same encryption algorithm.
WEP encrypts traffic using a 64- or 128-bit key in hexadecimal. This is a static key, which means all traffic, regardless of device, is encrypted using a single key. A WEP key allows computers on a network to exchange encoded messages while hiding the messages' contents from intruders. This key is what is used to connect to a wireless-security-enabled network.
One of WEP’s main goals was to prevent Man-in-the-Middle attacks, which it did for a time. However, despite revisions to the protocol and increased key size, various security flaws were discovered in the WEP standard over time. As computing power increased, it became easier for criminals to exploit those flaws. Because of its vulnerabilities, the Wi-Fi Alliance officially retired WEP in 2004. Today, WEP security is considered obsolete, although it is still sometimes in use – either because network administrators haven’t changed the default security on their wireless routers or because devices are too old to support newer encryption methods like WPA.
What is WPA?
Next came WPA, or Wi-Fi Protected Access. Introduced in 2003, this protocol was the Wi-Fi Alliance’s replacement for WEP. It shared similarities with WEP but offered improvements in how it handled security keys and the way users are authorized. While WEP provides each authorized system with the same key, WPA uses the temporal key integrity protocol (TKIP), which dynamically changes the key that systems use. This prevents intruders from creating their own encryption key to match the one used by the secure network. The TKIP encryption standard was later superseded by the Advanced Encryption Standard (AES).
In addition, WPA included message integrity checks to determine if an attacker had captured or altered data packets. The keys used by WPA were 256-bit, a significant increase over the 64-bit and 128-bit keys used in the WEP system. However, despite these improvements, elements of WPA came to be exploited – which led to WPA2.
You sometimes hear the term ‘WPA key’ in relation to WPA. A WPA key is a password that you use to connect to a wireless network. You can get the WPA password from whoever runs the network. In some cases, a default WPA passphrase or password may be printed on a wireless router. If you can't determine the password on your router, you may be able to reset it.
What is WPA2?
WPA2 was introduced in 2004 and was an upgraded version of WPA. WPA2 is based on the robust security network (RSN) mechanism and operates in two modes:
- Personal mode or Pre-shared Key (WPA2-PSK) – which relies on a shared passcode for access and is usually used in home environments.
- Enterprise mode (WPA2-EAP) – as the name suggests, this is more suited to organizational or business use.
Both modes use CCMP, which stands for Counter Mode Cipher Block Chaining Message Authentication Code Protocol. The CCMP protocol is based on the Advanced Encryption Standard (AES) algorithm, which provides message authenticity and integrity verification. CCMP is stronger and more reliable than WPA's original Temporal Key Integrity Protocol (TKIP), making it more difficult for attackers to spot patterns.
However, WPA2 still has drawbacks. For example, it is vulnerable to key reinstallation attacks (KRACK). KRACK exploits a weakness in WPA2, which allows attackers to pose as a clone network and force the victim to connect to a malicious network instead. This enables the hacker to decrypt a small piece of data that may be aggregated to crack the encryption key. However, devices can be patched, and WPA2 is still considered more secure than WEP or WPA.
What is WPA3?
WPA3 is the third iteration of the Wi-Fi Protected Access protocol. The Wi-Fi Alliance introduced WPA3 in 2018. WPA3 introduced new features for both personal and enterprise use, including:
- Individualized data encryption: When logging on to a public network, WPA3 signs up a new device through a process other than a shared password. WPA3 uses a Wi-Fi Device Provisioning Protocol (DPP) system that allows users to use Near Field Communication (NFC) tags or QR codes to allow devices on the network. In addition, WPA3 security uses GCMP-256 encryption rather than the previously used 128-bit encryption.
- Simultaneous Authentication of Equals protocol: This is used to create a secure handshake, where a network device will connect to a wireless access point, and both devices communicate to verify authentication and connection. Even if a user’s password is weak, WPA3 provides a more secure handshake using Wi-Fi DPP.
- Stronger brute force attack protection: WPA3 protects against offline password guesses by allowing a user only one guess, forcing the user to interact with the Wi-Fi device directly, meaning they would have to be physically present every time they want to guess the password. WPA2 lacks built-in encryption and privacy in public open networks, making brute force attacks a significant threat.
WPA3 devices became widely available in 2019 and are backwards compatible with devices that use the WPA2 protocol.
What security type is my Wi-Fi?
Knowing your Wi-Fi encryption type is important for your network's security. Older protocols are more vulnerable than newer ones and, therefore, more likely to fall victim to a hacking attempt. This is because older protocols were designed before it was fully understood how hackers attacked routers. The more recent protocols have fixed these exploits and are therefore considered to offer the best Wi-Fi security.
How to identify your Wi-Fi security type:
In Windows 10:
- Find the Wi-Fi connection icon in the taskbar and click on it
- Then click Properties underneath your current Wi-Fi connection
- Scroll down and look for the Wi-Fi details under Properties
- Under that, look for Security Type, which shows your Wi-Fi protocol
In macOS:
- Hold down the Option key
- Click on the Wi-Fi icon in the toolbar
- This will show your network details, including your Wi-Fi security type
In Android:
- On your Android phone, go into Settings
- Open the Wi-Fi category
- Select the router you are connected to and view its details
- This will show what Wi-Fi security type your connection is
- The path to this screen may differ depending on your device
On an iPhone:
Unfortunately, there is no way within iOS to check your Wi-Fi security. If you want to check your Wi-Fi’s security strength, you can either use a computer or log into the router through the phone. Each router may be different, so you may need to refer to the documentation that came with the device. Alternatively, if your internet service provider set up the router, you could contact them for assistance.
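On a Linux computer the same check can be scripted. The following is an added example, not part of the original article: it rates each network by the weakest protocol it still accepts, using the article's ordering, and assumes input in the terse `SSID:SECURITY` form printed by `nmcli -t -f SSID,SECURITY device wifi list`. The sample scan is constructed.

```python
import re

# Ranking follows the article: open < WEP (obsolete) < WPA < WPA2 < WPA3.
RATING = {
    "OPEN": (0, "unsecured: no encryption at all"),
    "WEP": (1, "obsolete: retired in 2004, replace or reconfigure"),
    "WPA1": (2, "superseded: move to WPA2 or WPA3"),
    "WPA2": (3, "acceptable: keep devices patched"),
    "WPA3": (4, "newest standard"),
}


def parse_line(line):
    """Split one 'SSID:SECURITY' line into (ssid, [known protocols])."""
    # SECURITY is the last field and never contains ':', so split on the last one.
    ssid, _, security = line.rpartition(":")
    ssid = re.sub(r"\\(.)", r"\1", ssid)  # undo the '\:' and '\\' escaping
    security = security.strip()
    if security in ("", "--"):
        return ssid, ["OPEN"]
    return ssid, [tok for tok in security.split() if tok in RATING]


def audit(scan_text):
    """Rate each network by the weakest protocol it still accepts."""
    findings = []
    for line in scan_text.splitlines():
        if not line.strip():
            continue
        ssid, protocols = parse_line(line)
        if not protocols:
            findings.append((ssid, "UNKNOWN", "unrecognized: check the router settings"))
            continue
        weakest = min(protocols, key=lambda p: RATING[p][0])
        findings.append((ssid, weakest, RATING[weakest][1]))
    return findings


# Constructed sample input, not captured from a real network.
SAMPLE_SCAN = """\
HomeNet:WPA2
Cafe\\: Guest:
OldPrinter:WEP
Office:WPA1 WPA2
NewRouter:WPA2 WPA3
"""

if __name__ == "__main__":
    for ssid, weakest, advice in audit(SAMPLE_SCAN):
        print(f"{ssid:<14}{weakest:<6}{advice}")
```

A router in a mixed mode such as `WPA1 WPA2` is rated as WPA, because older devices can still join it with the weaker protocol.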
WEP vs WPA: In conclusion
If a router is left unsecured, criminals could steal your internet bandwidth, carry out illegal activities through your connection, monitor your internet activity, and install malicious software on your network. Therefore, an important aspect of securing your router is understanding the differences between security protocols and implementing the most advanced one your router can support (or upgrading it if it can’t support current generation secure standards). WEP is now considered out of date as a Wi-Fi encryption standard, and users should aim to use more recent protocols where possible.
Other steps you can take to improve router security include:
- Changing the default name of your home Wi-Fi.
- Changing your router’s username and password.
- Keeping firmware up to date.
- Disabling remote access, Universal Plug and Play, and Wi-Fi Protected Setup.
- Using a guest network if possible.