Wi-Fi security gets a major update, but experts warn it’s not big enough

The Wi-Fi Alliance, the organization that steers the Wi-Fi standard, has announced a new program for certifying Wi-Fi products that support WPA3, a newer and more secure protocol to WPA2, but your WPA3 certified device might only more secure than today’s devices in one aspect.

WPA3 could be a huge update to Wi-Fi security, by reducing the risk of users picking weak passwords, helping users securely configure devices that lack a physical user interface, improving public hotspot security, and increasing the key size required for securing enterprise networks.  

However, Mathy Vanhoef, one of the researchers at KU Leuven in Belgium who discovered the ubiquitous KRACK or Key Reinstallation Attacks attacks affecting WPA-2, says the Wi-Fi Alliance has missed its chance to improve Wi-Fi security by only requiring one new capability. 

The alliance in January announced that four new capabilities were coming to personal and enterprise Wi-Fi networks in 2018 as part of the its Wi-Fi CERTIFIED WPA3 process. WPA2 will still be supported for years to come but over time as more vendors meet WPA3 requirements, the latter will become the norm.

One key feature was that WPA3 could improve personal network protections when home users choose poor — short and simple — passwords. This is enabled through WPA3’s use of Simultaneous Authentication of Equals (SAE) handshake or key exchange, which makes it much harder for hackers to collect Wi-Fi passwords and crack them offline using so-called dictionary-attacks.