WPA3: Your next wireless devices should support it
The "best if used by" date on the underside of your Wi-Fi router has long since passed. The WPA2 encryption standard it uses was adopted 15 years ago and suffers from serious flaws. There's a new standard implemented in the newest hardware and software, called WPA3. If you are buying new hardware, do not buy anything that doesn't implement WPA3.
What is WPA?
In case you're not up on it, WPA stands for Wi-Fi Protected Access, the standard for authentication and encryption over Wi-Fi networks. Authentication ensures that only people who should be on the network can get on the network. Encryption means that nobody can monitor the wireless communications and see what users are sending to and receiving from the network.
In many scenarios—the industry-standard coffee shop, for example—the network has neither authentication nor encryption. Allowing anyone to get on is a feature, not a bug, but the lack of encryption means that anyone else on the network can monitor your communications and even tamper with your devices. WPA3 solves this problem by providing an open network that anyone can easily join but which, nevertheless, is strongly encrypted.
This open, encrypted network uses a standard called Opportunistic Wireless Encryption (OWE), which is called Enhanced Open in WPA configuration. Another key standard in WPA3 is WPA3-SAE (Simultaneous Authentication of Equals), a new and better form of shared password that avoids many of the key weaknesses of WPA2's shared password system.
In August 2018, we discussed WPA3 with Dan Harkins, a fellow at Aruba, a Hewlett Packard Enterprise company, and author of many of the basic standards behind WPA3, including OWE and SAE. The difference between now and then is that WPA3 hardware is available from Aruba and other companies for businesses small, medium, and large.
Because of OWE and SAE, the common practice of posting a Wi-Fi password on a sign for all to see is unnecessary with WPA3. Users can connect with OWE and are strongly encrypted with no configuration at all.
WPA3 support availability
This isn't to say that you can buy the new hardware and get up and running on WPA3 immediately. The first generation of support for WPA3 in client devices is just rolling out. Android 10 has support, but it is still in beta (as of September 2019), and there is no official release date. The same goes for Apple, which has released WPA3 support in iOS 13. The latest builds of Windows 10 have support for WPA3-SAE, but there's an important short-term qualifier on Windows support: Windows may support it, but the device driver for the network hardware must support it as well. This will take time, and there may be old devices that don't get support. There is no word from Apple on support on the Mac, but if iOS is supporting WPA3, Mac support is likely not far off.
With all those caveats, nascent, incomplete support for WPA3 is much more valuable than universal and mature support for WPA2, especially for new purchases and especially on consumer configurations, which are the ones you would use in your home or any small business. As client support starts to increase, it is critical that network infrastructure already support it.
While support for WPA3 is growing, routers and access points will be able to offer older clients a fallback to the WPA2 PSK and Open methods, but those users will be vulnerable while the WPA3 users on the same network will be protected.
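To check which of these modes an access point actually advertises, the following added example (not part of the original article) parses the RSN element body from a beacon and labels the network as open, WPA2-PSK, WPA3-SAE transition, WPA3-SAE only, or OWE. The function names, SSIDs and sample element bytes are constructed for illustration; the AKM suite types and field layout follow IEEE 802.11.

```python
import struct

IEEE_OUI = b"\x00\x0f\xac"
# AKM suite types (under the IEEE 802.11 OUI) relevant to WPA2/WPA3 personal and OWE
AKM = {2: "PSK", 6: "PSK-SHA256", 8: "SAE", 18: "OWE"}

def parse_rsn(body):
    """Return (AKM names, MFP-required flag) from an RSN element body (ID/length stripped)."""
    def suites(off):
        if off + 2 > len(body):
            raise ValueError("truncated RSN element")
        (count,) = struct.unpack_from("<H", body, off)
        end = off + 2 + 4 * count
        if end > len(body):
            raise ValueError("suite count exceeds element length")
        return [body[i:i + 4] for i in range(off + 2, end, 4)], end

    _pairwise, off = suites(6)  # skip version (2 bytes) and group cipher suite (4 bytes)
    akm_raw, off = suites(off)
    names = {AKM.get(s[3], "type-%d" % s[3]) for s in akm_raw if s[:3] == IEEE_OUI}
    caps = struct.unpack_from("<H", body, off)[0] if off + 2 <= len(body) else 0
    return names, bool(caps & 0x0040)  # RSN capabilities bit 6: MFP required

def classify(body):
    """Label a network from its RSN element body; None means no RSN element (open)."""
    if body is None:
        return "open"  # no authentication, no encryption
    names, _mfpr = parse_rsn(body)
    legacy = names & {"PSK", "PSK-SHA256"}
    if "SAE" in names:
        # Transition mode still accepts WPA2 shared-password clients
        return "wpa3-sae-transition" if legacy else "wpa3-sae"
    if "OWE" in names:
        return "owe"
    return "wpa2-psk" if legacy else "other"

def build_rsn(akm_types, caps):
    """Build a constructed RSN body: version 1, CCMP group and pairwise ciphers."""
    ccmp = IEEE_OUI + b"\x04"
    akms = b"".join(IEEE_OUI + bytes([t]) for t in akm_types)
    return (struct.pack("<H", 1) + ccmp + struct.pack("<H", 1) + ccmp
            + struct.pack("<H", len(akm_types)) + akms + struct.pack("<H", caps))

if __name__ == "__main__":
    # Constructed samples, not captured traffic
    samples = {"cafe-open": None, "home-old": build_rsn([2], 0x0000),
               "home-mixed": build_rsn([2, 8], 0x0080), "home-new": build_rsn([8], 0x00C0),
               "cafe-owe": build_rsn([18], 0x00C0)}
    for ssid, body in samples.items():
        print(ssid, "->", classify(body))
```

A network labelled `wpa3-sae-transition` is the fallback case described above: clients that join with WPA2-PSK on it do not get the WPA3 protections.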
Even though operating system support for WPA3 is only beginning to be released, the imperative for WPA3 is clear: It is demonstrably more secure than WPA2 and not having it will, before too long, make your wireless network less secure than users and IT professionals have a right to expect. Therefore, you should expect the wireless hardware you buy to support it now.