Your Wi-Fi hotspots are about to get more secure.
The nonprofit Wi-Fi Alliance has announced Wi-Fi Protected Access 3 (WPA3), a set of features that aim to improve Wi-Fi security. These features include protection for users who choose weak passwords and “individualized data encryption” on open Wi-Fi networks, which is good news for people who regularly use internet-connected devices in public places.
WPA3 is set for release this year.
A serious flaw in WPA2, the current security protocol for devices that use Wi-Fi, was discovered in October. WPA2 will remain the standard in Wi-Fi devices for now, the Wi-Fi Alliance said in a statement, but there are plans to improve it.
“New testing enhancements will… reduce the potential for vulnerabilities due to network misconfiguration, and further safeguard managed networks with centralized authentication services,” the organization said.
WPA security works through what is known as a four-way “handshake.” That handshake ensures that the user and access points have the same password, but it can still be vulnerable to hackers. WPA3 is expected to feature a stronger handshake—and devices will be required to support that handshake.
Mathy Vanhoef, one of the researchers who discovered the flaw in WPA2, described on Twitter how WPA3 would improve Wi-Fi security.
Finally, WPA3!! It will include a more secure handshake: "WPA3 will deliver robust protections even when users choose passwords that fall short of typical complexity recommendations" https://t.co/9Ty1SrI1VB
— Mathy Vanhoef (@vanhoefm) January 8, 2018
That means dictionary attacks no longer work. The handshake they're referring to is likely Simultaneous Authentication of Equals (SAE). Which is also called Dragonfly. See https://t.co/WNZnGzZTO6
— Mathy Vanhoef (@vanhoefm) January 8, 2018
The standards behind WPA3 already existed for a while. But now devices are *required* to support them, otherwise they're won't receive the "WPA3-certified" label.
— Mathy Vanhoef (@vanhoefm) January 8, 2018
The Wi-Fi Alliance also said that WPA3 will feature a security suite to protect “Wi-Fi networks with higher security requirements such as government, defense, and industrial.”