When wifi first appeared, it was secured by something called “WEP” that was so laughably weak that many people believe it was deliberately sabotaged by US spy agencies (who have a history of sabotaging security standards in order to preserve the ability to spy on their adversaries).
WEP’s successors, WPA and WPA2, made significant improvements but still had major deficiencies that have only grown more important as the number of wireless devices (including sex toys, cameras, kids’ toys, software-controlled door locks, etc) proliferated.
WPA3 is a major step forward in security, and as of today, the Wifi Alliance will certify equipment as complying with the standard.
The two most significant improvements in WPA3 are an anti-password-guessing countermeasure that makes “dictionary attacks” (trying every possible combination of words, numbers, punctuation, etc, including simple variants made by substituting symbols or numbers for letters) much harder, by preventing offline guessing attacks and forcing guessers to send their guesses to the router, which can detect and lock out devices that are attempting this kind of shenanigan.
The other improvement is “forward secrecy” — the ability to keep old encrypted data from being descrambled even if attackers compromise the system in the future.
Even with the added technical details, talking about WPA3 feels almost still premature. While major manufacturers like Qualcomm already have committed to its implementation as early as this summer, to take full advantage of WPA3’s many upgrades, the entire ecosystem needs to embrace it.
That’ll happen in time, just as it did with WPA2. And the Wi-Fi Alliance’s Robinson says that backward interoperability with WPA2 will ensure that some added security benefits will be available as soon as the devices themselves are. “Even at the very beginning, when a user has a mix of device capabilities, if they get a network with WPA3 in it, they can immediately turn on a transitional mode. Any of their WPA3-capable devices will get the benefits of WPA3, and the legacy WPA2 devices can continue to connect,” Robinson says.
Lurking inside that assurance, though, is the reality that WPA3 will come at a literal cost. “The gotcha is that everyone’s got to buy a new everything,” says Rudis. “But at least it’s setting the framework for a much more secure setup than what we’ve got now.”
The Next Generation of Wi-Fi Security Will Save You From Yourself [Brian Barrett/Wired]
Wi-Fi security is starting to get its biggest upgrade in over a decade [Jacob Kastrenakes/The Verge]