Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Data Protection

Wi-Fi Alliance Launches WPA3 Security Standard

The Wi-Fi Alliance, the non-profit organization whose global network of members maintains Wi-Fi technology, announced late on Monday the launch of the WPA3 security standard.

The Wi-Fi Alliance, the non-profit organization whose global network of members maintains Wi-Fi technology, announced late on Monday the launch of the WPA3 security standard.

Unveiled in January, the latest version of the Wi-Fi Protected Access (WPA) protocol brings significant improvements in terms of authentication and data protection.

The Wi-Fi Alliance will continue to maintain and improve WPA2, which is mandatory for Wi-Fi Certified devices, as it will likely take several years until WPA3 is widely adopted. The two versions of the protocol will maintain interoperability through a transitional mode of operation and WPA3 will become mandatory once adoption grows.

Wi-Fi Alliance launches WPA3WPA3 has two modes of operation: Personal and Enterprise. WPA3-Personal’s key features include enhanced protection against offline dictionary attacks and password guessing attempts, improved security even if users choose less complex passwords, and the use of forward secrecy in order to protect communications even if a password has been compromised.

WPA3-Enterprise provides 192-bit encryption for networks that require extra security (e.g. the networks of government and financial organizations), improved network resiliency, and greater consistency when it comes to the deployment of cryptographic tools.

Both the Personal and Enterprise modes prohibit the use of legacy protocols, and they require Protected Management Frames (PMF), which provides protection against eavesdropping and forging. PMF is also available for WPA2.

“WPA3 takes the lead in providing the industry’s strongest protections in the ever-changing security landscape,” said Edgar Figueroa, president and CEO of the Wi-Fi Alliance. “WPA3 continues the evolution of Wi-Fi security and maintains the brand promise of Wi-Fi Protected Access.”

The Wi-Fi Alliance also announced the introduction of Easy Connect, a system that makes it easier for users to connect smart home and other Internet of Things (IoT) devices to their wireless networks. Wi-Fi Easy Connect simplifies the process by allowing users to add devices by scanning a QR code with a smartphone or tablet.

Earlier this month, the Wi-Fi Alliance also announced the launch of Wi-Fi Enhanced Open, a certification program that provides protection for unauthenticated networks, such as the ones commonly found in coffee shops, hotels and airports.

The system is designed to protect connections against passive eavesdropping without requiring a password by using Opportunistic Wireless Encryption (OWE) to provide each user unique individual encryption that secures traffic between their device and the Wi-Fi network.

Related: Lenovo Patches Critical Wi-Fi Vulnerabilities

Related: Google Discloses Critical Wi-Fi Flaws Affecting iOS, Android

Related: Vendors Race to Fight KRACK Wi-Fi Attacks

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Network Security

NSA publishes guidance to help system administrators identify and mitigate cyber risks associated with transitioning to IPv6.

Mobile & Wireless

Technical details published for an Arm Mali GPU flaw leading to arbitrary kernel code execution and root on Pixel 6.

Mobile & Wireless

Apple rolled out iOS 16.3 and macOS Ventura 13.2 to cover serious security vulnerabilities.

Mobile & Wireless

Apple’s iOS 12.5.7 update patches CVE-2022-42856, an actively exploited vulnerability, in old iPhones and iPads.

Cyberwarfare

Websites of German airports, administration bodies and banks were hit by DDoS attacks attributed to Russian hacker group Killnet

Mobile & Wireless

Two vulnerabilities in Samsung’s Galaxy Store that could be exploited to install applications or execute JavaScript code by launching a web page.

Identity & Access

Hackers rarely hack in anymore. They log in using stolen, weak, default, or otherwise compromised credentials. That’s why it’s so critical to break the...