At last, Wi-Fi security — or lack of — is about to get its day in the sun.
The Wi-Fi Alliance, an industry body made up of device makers including Apple, Microsoft, and Qualcomm, announced Monday its next-generation wireless network security standard, WPA3. The standard will replace WPA2, a near-two decades-old security protocol that’s built in to protect almost every wireless device today — including phones, laptops, and the Internet of Things.
One of the key improvements in WPA3 will aim to solve a common security problem: open Wi-Fi networks. Seen in coffee shops and airports, open Wi-Fi networks are convenient but unencrypted, allowing anyone on the same network to intercept data sent from other devices.
WPA3 employs individualized data encryption, which scramble the connection between each device on the network and the router, ensuring secrets are kept safe and sites that you visit haven’t been manipulated.
Another key improvement in WPA3 will protect against brute-force dictionary attacks, making it tougher for attackers near your Wi-Fi network to guess a list of possible passwords.
The new wireless security protocol will also block an attacker after too many failed password guesses.
WPA2, the current incarnation of the wireless security standard since 2004, uses a four-way handshake to securely allows new devices with a pre-shared password to join a network. The newer WPA3 will use a newer kind of handshake, Mathy Vanhoef, a computer security academic, said, which will “not be vulnerable to dictionary attacks.”
A new wireless security standard can’t come soon enough.
A few months ago Wi-Fi security was under scrutiny amid a security vulnerability in WPA2, discovered by Vanhoef, which put every WPA2-compatible device — including routers, phones, and computers — at risk of hijack.
The new WPA3 security standard is expected to land in devices later this year.