Wi-Fi is pretty much the wireless technology that binds us all to the Internet. Given the prevalence of laptops and mobile devices and the costs of cellular data like LTE, Wi-Fi is still the preferred way to connect to the Internet both at home and outside. So much so that when the KRACK vulnerability was discovered, there was an even bigger panic than with Meltdown and Spectre. While those holes have mostly been patched up, the Wi-Fi Alliance, the caretakers of the technology, quickly moved to finalize WPA3, the first Wi-Fi security update since 2003.
It is always the case that technology evolves faster than the standards can catch up with. Sometimes, that results in abuses and vulnerabilities, like the case of WPA2. Launched more than a decade ago, it was impossible for WPA2 to foresee advancements in hardware, the ubiquity of smartphones, and the rise of the Internet of Things market. And while the KRACK holes have mostly been plugged up, the Wi-Fi Alliance set to work on a new and sturdier ship.
Like WPA2, there are two “implementations”. WPA3-Personal, designed for use with password-based authentication, adds a layer of protection on top of AES encryption. This is called Simultaneous Authentication of Equals or SAE and it is designed to protect against “dictionary attacks” that try to brute force the guessing of passwords. WPA3-Enterprise, on the other hand, uses 192-bit cryptography to transmit data, promising even stronger protection in a world were digital data is sometimes more important than printed ones.
That’s not all that the Wi-Fi Alliance has published. The new Wi-Fi Easy Connect protocol that was explicitly designed with the new breed of IoT devices in mind, devices that have limited or no display at all. It’s like the “one push” WPS button but, instead of a button, it uses a QR code to quickly set up and connect such devices to a network.
The benefits that WPA3 will bring will mostly be invisible to users. They won’t need to change a thing except, perhaps, their routers. That said, such devices won’t be available until next year anyway but it’s still good to know that, after over a decade, Wi-Fi security has finally caught up with the times.