WPA2 stands for Wi-Fi Protected Access 2 and has been the industry standard protocol for protecting traffic on wireless networks since it was first introduced in 2004, superseding the previous Wired Equivalent Privacy (WEP) standard. All certified Wi-Fi equipment made since 2006 carries WPA2 security as standard.
As the Internet has become more and more central to our everyday lives, keeping traffic and sensitive data protected from malicious actors has become more and more important. And while anti-virus software and other security protections do a great job of keeping you safe online, there are also other measures in place behind the scenes that are protecting your personal data without you even knowing.
WPA2 traffic sent or received by Internet-connected devices cannot be intercepted or identified by a third party by encrypting it to pass through the network. But with WPA2 security now two decades old, is it still offering good enough security in the modern digital-first age, and what can you do to take full advantage of the protection it offers?
This article explores how WPA2 works, its advantages and drawbacks, and what the future of wireless security looks like.
How does WPA2 encryption work?
There are two different types of WPA2 security, depending on its use and internet traffic involved:
- WPA2 Personal: suitable for domestic or individual use, this is where a shared
WPA2 password enables access to the Internet router. This is based around a
Pre-Shared Key (WPA2-PSK), which is a word, phrase, or jumble of letters and
symbols between eight and 63 characters in length.
- WPA2 Enterprise: the same principle but taken to a further extent by relying on a database of client credentials and a separate server to authenticate user/device access. As a result, this is generally only suitable for use by businesses and larger organizations.
What both types of WPA2 protection have in common is they use the Counter Mode Cipher Block Chaining Message Authentication Code Protocol (CCMP). This is designed to ensure that data is encrypted for transmission through the network, and that only devices with the correct credentials are able to automatically decrypt that data at the other end.
Why is WPA2 security so important?
Perhaps the best way to describe the importance of a strong wireless security protocol is to compare your Internet traffic to a safe deposit box at home. This hypothetical box contains many valuables of high financial and sentimental value, as well as items like your passport and birth certificate that contain highly sensitive and personal pieces of information.
Not having any wireless security protection in place is similar to having no lock on that box and leaving your front door unlocked at the same time. Anybody could simply walk in and take the items if they wanted. In wireless security terms, this means there is absolutely nothing in place to stop cybercriminals from intercepting Internet traffic for their own malicious ends.
Having an old security protocol like WEP or the first version of WPA is like protecting that safe deposit box with a cheap, thin padlock: the kind you’d use on a locker at the gym or swimming pool. It may offer some limited protection, but it wouldn’t take much time or effort for a determined criminal to break the lock or guess the code to gain access.
WPA2 encryption, certainly when comparing WPA2 vs. WPA, is like protecting that box with a huge combination lock that has many different numbers to guess to open, like you’d get on a bank vault. It is as good as impossible for anyone to get the box open if they don’t have access to the key/combination, and it would take them far too long for them to try and guess the code.
In short: a WPA2 password is the key that keeps your digital valuables safe, whether it’s sensitive personal information, sentimental files like photos, or financially valuable data like your bank account details.
What are the advantages of a WPA2 password?
Having a strong password for WPA2 and security measures in place can be instrumental in enabling secure, stress-free activities online, thanks to a combination of:
Simplicity
WPA2 Personal means that client devices can trust the host network without the need for an enterprise authentication server. This allows virtually anyone to benefit from the protection that WPA2 offers without needing complex or specialized tech expertise.
Greater user control
The owner of the router can exercise full control over what the WPA2 password is, and who they choose to share it with. This makes it easy and quick for them to provide access to family and friends if required, and to prevent any access to others that shouldn’t have access to the network.
AES encryption technology
WPA2 encryption is based around the Advanced Encryption System (AES), which was initially developed by the United States government as a way of protecting classified data. Even now, over 20 years after its introduction, it still represents a highly complex encryption technology that even advanced cybercrime efforts and supercomputers have been unable to beat.
What are the limitations of WPA2?
While WPA2 security is strong, it isn’t bulletproof, and there are a few potential pitfalls and drawbacks to be aware of. These include:
Exploitable WPA2 passwords
Since a WPA2 password (at least at the WPA2 Personal level) is a single passphrase, it is far more vulnerable to data being leaked or intercepted than other, more detailed security credentials. This is especially the case if the WPA2 password is especially easy to remember or guess.
KRACK attacks
Some WPA2 networks have been affected by ‘KRACK’ attacks, where cybercriminals manage to gain access to networks during the handshake process between network hosts and clients. This has allowed them to gain network access and seize data thereafter.
Decreased performance
The strength of the WPA2 encryption means that it can take time for data to be encrypted and decrypted again.While this may not be a problem in everyday use, it may lead to slower performance when data volumes and workloads are especially high.
What does the future hold for WPA2 and wireless security in general?
Due to some of the vulnerabilities that WPA2 can expose users and devices to, a newer version of WPA has gradually been developed and introduced in recent years.
WPA3 certification by the Wi-Fi Alliance began in 2018, and all Wi-Fi devices looking for certification from July 2020 have been required to support WPA3 encryption as standard. When looking at WPA3 v WPA2, the newer version features Protected Management Frames that are designed to protect against attempted eavesdropping; removes the ability to continue using older security protocols that are obsolete; and can be used with stronger 192-bit security encryption.
WPA3 has proved especially effective in addressing the KRACK vulnerability that has affected some WPA2 users. It has achieved this with a more secure handshake known as Simultaneous Authentication of Equals (SAE), where each device involved in a connection transmits single-use authentication credentials to the others. This handshake cannot be accessed by any users or devices not involved in the connection, and as different credentials are generated every time a connection is made, cybercriminals cannot reuse older credentials to gain access at a later date.
Furthermore, WPA3 also features functions such as Wi-Fi Easy Connect, which provides simple, secure onboarding for Internet of Things devices; and Wi-Fi Enhanced Open which provides automatic encryption when using otherwise vulnerable public Wi-Fi connections.
What can I do to maximize the value of WPA2 wireless security?
Firstly, if you’re still connecting to the Internet using WPA2 security, don’t panic it still represents very strong protection for your everyday Internet traffic.
Moving towards WPA3-enabled routers and hardware in the future is definitely a good idea but is still relatively uncommon and can also be expensive to adopt. So, if WPA3 isn’t possible or practical for you to do at this point, we recommend the following best practices to ensure your WPA2 security is as strong as it possibly can be:
Turn off remote access on the router
Many
routers feature a remote access function, which allows users with the right
security credentials to connect to the router from almost anywhere in the world
and monitor the traffic going in and out of it. However, if you’re able to
access the router remotely, then it’s potentially possible for a cybercriminal
to do the same through sophisticated means such as a Remote Access Trojan (RAT).
Therefore, the
safest way to mitigate this risk is to disable the remote access function
unless you absolutely need it, and even then, keep it disabled at times when it
isn’t required.
Use strong passwords and update them regularly
It’s surprising how many people still set up a WPA2 password as ‘00000000’ or ‘password12345’. The easier and more generic a password is, the easier it is for a cybercriminal to take a lucky guess and gain access to network traffic. Think back to the safe deposit box we mentioned earlier: you wouldn’t set the code on the padlock to ‘1234’, would you?
You should therefore make your passwords as complicated and personal as you can and use a password manager to help you remember them. It is also recommended to change passwords at least every few months, so that any older credentials that inadvertently fall into the wrong hands can’t still be used.
Update software and hardware - especially the router
Every piece of software and hardware can be exposed to security vulnerabilities over time, especially as they get older, and cybercriminals learn more about them. Routers are certainly no exception to this and so should be updated and patched regularly so that the latest fixes and protections are constantly in place.
Deploy a Virtual Private Network (VPN)
While
your WPA2 password may protect your data while you’re at home or in the office,
what happens when you’re out and about - especially if connecting to unsecured
public Wi-Fi?
This is where a good Virtual Private Network like Kaspersky VPN Secure
Connection is
so important, as it delivers security and privacy across all devices and in any
location. Certified by AV-TEST GmbH as the fastest VPN on the market, it also
ensures you get the best possible protection without any compromise around the
speed and performance of your connection.
Related Articles:
- What Can Hackers Do with Your Email Address?
- Identity Theft and Identity Fraud: What to Do if Your Identity is Stolen
- How To Choose the Right Password Manager: What To Look Out For
Related Products:
