WPA3, also known as Wi-Fi Protected Access 3, is the third iteration of a security certification program developed by the Wi-Fi Alliance. WPA3 is the successor to WPA2, which has been in use since 2004. The Wi-Fi Alliance began certifying WPA3-approved products in 2018.
The WPA3 protocol provides new features for personal and enterprise use such as 256-bit Galois/Counter Mode Protocol (GCMP-256), 384-bit Hashed Message Authentication Mode (HMAC) and 256-bit Broadcast/Multicast Integrity Protocol (BIP-GMAC-256). The WPA3 protocol also supports security measures such as perfect forward secrecy.
WPA3 support will not be automatically added to every device. Users who wish to use WPA3-approved devices will have to either buy new routers that support WPA3 or hope that the manufacturer updates their existing device to support the new protocol. WPA3 devices are expected to become readily available in 2019 and are backwards compatible with devices that use the WPA2 protocol.
WPA3 vs WPA2
While WPA3 is more secure and comprehensive than WPA2, the WPA2 protocol will still be supported and updated by the Wi-Fi Alliance for the foreseeable future. When compared to the WPA2 standard, WPA3 adds the following notable features:
Simultaneous Authentication of Equals protocol: This creates a secure handshake in which a network device connects to a wireless access point and both devices communicate to verify authentication and the connection. Even if a user’s password is weak, WPA3 provides a more secure handshake using Wi-Fi DPP.
Individualized data encryption: When logging on to a public network, WPA3 signs up a new device through a process other than a shared password. WPA3 uses a system called Wi-Fi Device Provisioning Protocol (DPP), which allows users to use NFC tags or QR codes to admit devices to the network. Further, WPA3 security uses GCMP-256 encryption, compared to the previously used 128-bit encryption.
Stronger brute force attack protection: WPA3 protects against offline password guessing by allowing a user only one guess. The user has to interact with the Wi-Fi device directly, meaning they would have to be physically present every time they want to guess the password. WPA2 lacks built-in encryption and privacy in public open networks, making brute force attacks a large threat.
Bigger session keys: WPA3 will support larger session key sizes, up to 192-bit security in enterprise use cases.
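To check which of these features an access point actually advertises, an auditor can read the RSN information element carried in its beacon frames. The Python below is an added example, not code from the original page or from the Wi-Fi Alliance. The suite selector numbers are those assigned in IEEE 802.11, the function names are this example's own, and the two sample elements are constructed rather than captured.

```python
import struct
OUI = b"\x00\x0f\xac"  # IEEE 802.11 suite selector OUI
CIPHERS = {2: "TKIP", 4: "CCMP-128", 6: "BIP-CMAC-128", 8: "GCMP-128",
           9: "GCMP-256", 12: "BIP-GMAC-256"}
AKMS = {1: "802.1X", 2: "PSK", 8: "SAE", 12: "802.1X-SuiteB-192"}

# Constructed sample elements, not captured from a real network.
TRANSITION_AP = bytes.fromhex("3018" "0100" "000fac04" "0100" "000fac04"
                              "0200" "000fac02" "000fac08" "8000")
ENTERPRISE_192_AP = bytes.fromhex("301a" "0100" "000fac09" "0100" "000fac09"
                                  "0100" "000fac0c" "c000" "0000" "000fac0c")

def _suite(raw, table):
    # A selector is a 3-byte OUI followed by a 1-byte suite type.
    if raw[:3] != OUI:
        return "vendor:" + raw.hex()
    return table.get(raw[3], "unknown:%d" % raw[3])

def _suite_list(body, off, table):
    # 2-byte little-endian count, then that many 4-byte selectors.
    count = struct.unpack_from("<H", body, off)[0] if off + 2 <= len(body) else -1
    end = off + 2 + 4 * count
    if count < 0 or end > len(body):
        raise ValueError("truncated RSN element")
    return [_suite(body[i:i + 4], table) for i in range(off + 2, end, 4)], end

def parse_rsn(element):
    """Summarise what one RSN element (ID 48) advertises."""
    if len(element) < 2 or element[0] != 48 or len(element) < 2 + element[1]:
        raise ValueError("not a complete RSN element")
    body = element[2:2 + element[1]]
    if len(body) < 6 or struct.unpack_from("<H", body, 0)[0] != 1:
        raise ValueError("unsupported RSN version")
    info = {"group": _suite(body[2:6], CIPHERS), "group_mgmt": None}
    info["pairwise"], off = _suite_list(body, 6, CIPHERS)
    info["akm"], off = _suite_list(body, off, AKMS)
    caps = struct.unpack_from("<H", body, off)[0] if off + 2 <= len(body) else 0
    info["mfp_required"] = bool(caps & 0x0040)  # MFPR bit
    if off + 4 <= len(body):  # optional PMKID count and list
        tail = off + 4 + 16 * struct.unpack_from("<H", body, off + 2)[0]
        if tail + 4 <= len(body):  # optional group management cipher
            info["group_mgmt"] = _suite(body[tail:tail + 4], CIPHERS)
    akm = info["akm"]
    info["mode"] = ("WPA3-Enterprise 192-bit" if "802.1X-SuiteB-192" in akm
                    else "WPA2/WPA3 transition" if {"SAE", "PSK"} <= set(akm)
                    else "WPA3-Personal" if "SAE" in akm
                    else "WPA2-Personal" if "PSK" in akm else "other")
    return info
```

An access point reported as "WPA2/WPA3 transition" still accepts WPA2 clients, so the backwards compatibility described above means a WPA2 handshake remains possible on that network.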