The Wi-Fi Alliance recently announced the release of a new specification to Wi-Fi Protected Access II (WPA2), called WPA3. After the key reinstallation attack (KRACK) of last year, which exploited a flaw in the third step of the four-way handshake and allowed hackers to decrypt data exchanged between routers and end device, the Alliance is rolling out WPA3 increased security in the next few months on new Wi-Fi certified devices.
The Three Main Components of WPA3
- Improve wireless security, even for users whose passwords don’t meet complexity requirements. The Alliance plans to do this by blocking brute-force attacks against weak passwords by blocking authentication processes after a few failed login attempts.
- Strengthen user security over open wireless networks with public or free Wi-Fi. WPA3 does this by enabling individualized data encryption between routers, access points, and end devices, making it more difficult for someone to decrypt masses of data on unsecured Wi-Fi networks. It will also simplify security configurations for devices with limited or no display interface.
- Enable a 192-bit security suite that aligns with the Commercial National Security Algorithm (CNSA) for organizations with higher Wi-Fi security requirements, like the government and military.
In a January 8th press release, Edgar Figueroa, president and CEO of the Wi-Fi Alliance, said, “Security is a foundation of Wi-Fi Alliance certification programs, and we are excited to introduce new features to the Wi-Fi CERTIFIED™ family of security solutions. The Wi-Fi CERTIFIED designation means Wi-Fi devices meet the highest standards for interoperability and security protections.”
The Wi-Fi Alliance is a worldwide network of companies. Member companies, including Apple, Intel, and Microsoft, come together to collaborate on Wi-Fi access and security measures. Since 2000, the Alliance has certified more than 35,000 Wi-Fi enabled products