We’re living in a world in which your kitchen and everyday home appliances can connect to the internet. Which means probably the WiFi devices that provide that access should be using a security protocol that’s less than 14 years old. You think?
Lucky for all of us, they will be soon.
Starting today, that new WiFi security protocol is here.
The Wi-Fi Alliance, a non-profit group that certifies WiFi products to ensure an interoperability standard, has officially launched the next generation of its security protocol, WPA3. The alliance has just begun to certify WPA3-enabled WiFi products.
WPA2 is the WiFi security protocol that’s been the standard since 2004. What’s been updated to make WPA3 superior?
The biggest change from WPA2 to WPA3 fixes a huge security flaw that plagued the old system from the start. If someone wanted to access your WiFi device, under WPA2, they had unlimited, unhindered chances to guess your WiFi password. This is an issue even the most basic websites fought head-on years ago, via tech like reCAPTCHA. For hackers who deploy brute force attacks — a method that basically scans through the dictionary, automatically guessing different words and combinations until it cracks your password — this 14-year vulnerability was a gift.
Now hackers will have to work much harder to break into your WiFi network. Ostensibly, WPA3 solves this security issue by allowing a single password attempt. If the first try at the password is incorrect, you’ll need to physically interact with the WiFi device.
Now hackers will have to work much harder to break into your WiFi network.
Let’s say a hacker does gain access to your WiFi device. Under WPA2, the unauthorized user had the ability to decrypt any traffic that flowed through, even before they had access to your network. Thanks to WPA3’s support of forward secrecy, this flaw is also rendered obsolete. All traffic from before the breach will remain encrypted to that unauthorized user.
And speaking of the Internet of Things — your fridges and toasters that are just as logged-on as you are — WPA3 brings along with it a feature called WiFi Easy Connect. This will make it easier to give appliances that may not have an easy-to-use interface or even a screen access to the internet. With the scan of two QR codes, your vacuum could easily connect to your WPA3-enabled router.
So, how does this affect you?
Right now? Not much. Using the new security protocol requires the purchase of a WPA3-enabled WiFi device. If you’re a company, especially in the tech and telecommunications industries, sure, you’ll probably be upgrading to WPA3 sooner rather than later. But say you’re an individual consumer. When’s the last time you purchased a new WiFi router? There’s a good chance you’re using that old model you rent from your cable company. There are currently billions of WiFi devices out there. How many people will decide to update theirs solely based on WPA3 as a feature?
WPA3 is currently not mandatory in order for a device to be certified by the Wi-Fi Alliance. But it eventually will be. Even then, mass adoption of new WPA3-enabled devices would take years from that moment, giving hackers plenty of time to find new security flaws and exploit them.