WPA3: what are the main changes to the wireless security standard
After the KRACK attack and the discovery of WPA2 security problem that was putting at hijack risk all WPA2-compatible device like routers, computers and smartphones, Wi-Fi Alliance has announced a new security protocol: WPA3. WPA3 is a substitute for WPA2 (the wireless security standard since 2004) and should be landed later in 2018.
Four new capabilities will be launched in 2018 as part of the Wi-Fi certified WPA3. These features, available for personal and Wi-Fi networks enterprises, consist in delivering more robust protection regarding user’s password to access a Wi-Fi network and simplifying the security configuration for devices with a limited, or no display interface.
For example, a WPA3 key improvement aims to block “dictionary attacks”, or when a hacker tries to gain unauthorised access to a computer system by using a large set of words to generate potential passwords.
The new security protocol should prevent hackers from guessing a list of potential passwords to access a Wi-Fi network. Moreover, the hacker will be blocked after too many failed password thanks to its new handshake system ( WPA2 currently uses a four-way handshake).
Another interesting change touches on the open Wi-Fi networks. Open Wi-Fi networks are all networks in public spaces like café, airport, parks… that are not encrypted and so risky for the user whose data could be intercepted by a hacker.
WPA3 will use individualized data encryption that muddles the connection between each device on a network and the router. By doing so, WPA3 prevents hackers from stealing data or modifying websites.
Obviously, building a new wireless security standard takes time, and WPA3 won’t substitute WPA2 before few months, but Wi-Fi Alliance underlined the necessity of updating Wi-Fi security in a modern society where the Wi-Fi demand is increasing.