There's a new standard for securing Wi-Fi connections, and it's called WPA3.
Here's what that means for you: New Wi-Fi routers will come with stronger protections for the data that flows between your computers, phones or smart home devices and your internet connection. It will also boost security in workplace Wi-Fi networks with changes to the way wireless behaves on enterprise networks. The Wi-Fi Alliance, a partnership of tech companies that hashes out the protocol for Wi-Fi, announced some of these features earlier in 2018. On Monday, the organization announced the protocol has been finalized.
Wi-Fi is easy to take for granted -- it's literally in the air all around us, provided we're near a wireless router. But there's tons of sensitive information floating over the ether on Wi-Fi connections, so making wireless connections secure is no joke.
To better secure Wi-Fi users, the new protocol will make it harder to run a common hacking attack on your personal wireless network. It's called an offline dictionary-based attack, and it allows hackers to make endless guesses as to what your Wi-Fi password is. That often relies on software that tries combinations of characters, words and even common passwords to break into accounts.
WPA3 is available on new routers certified by the Wi-Fi Alliance, and it's up to individual vendors whether to install the protocol on existing routers with a software update.
WPA3 replaces Wi-Fi Protected Access 2, more commonly called WPA2, which was first introduced over a decade ago, in 2004. Security problems in WPA2 cropped up occasionally in that time, reminding us that unsecured Wi-Fi is bad news.
Most recently, researchers found a flaw they called KRACK, which could let attackers on the same Wi-Fi network access your internet traffic without a password. Device manufacturers released patches for the problem, and the Wi-Fi alliance required all new routers to be tested for the vulnerability. It was a repeat of a lesson from a decade earlier, when researchers found a different problem in the encryption that keeps internet traffic secure on a Wi-Fi connection.
Manufacturers like networking giant Cisco voiced their support for WPA3 in statements Monday. Cisco said it was not only planning to implement WPA3 in its upcoming products, but also looking for ways to update devices already out in the world with software that puts the new protocol in place.
CNET Daily News Get today's top news and reviews collected for you.
"The WPA3 program will bring much needed upgrades to wireless security protecting all levels of customers from consumer to enterprise [and] government," the company said in a statement.
For personal Wi-Fi users, the new security protections will work even if user passwords aren't highly complex and hard to guess, said Kevin Robinson, the Wi-Fi Alliance's marketing vice president. But even so, he urged users to be smart about their passwords.
"Users should still choose passwords that are hard to guess," Robinson said. "A user should not go and pick 'password' as their password."
Security: Stay up-to-date on the latest in breaches, hacks, fixes and all those cybersecurity issues that keep you up at night.
Blockchain Decoded: CNET looks at the tech powering bitcoin -- and soon, too, a myriad of services that will change your life.
vita10gy on June 26th, 2018 at 13:44 UTC »
My big wifi wish would be to disconnect security and the password. All connections should be secure, password or no. The password should be for controlling access.
Edit: Seems I'm getting my wish with WPA3. And it only took like 20 years.
Edit 2: Slight hijack of my own comment because I see the same ol' "If you can't confirm who you're talking to you're no better off...even though right now you are talking at them and 10000 other people" debate going on underneath me. I don't know how we solve the problem that anyone can set up "O'Hare Guest Wifi", but to me it's an entirely separate concern that isn't made any "worse" by encrypting open connections. HTTPS, for example, is a complex apparatus because it serves both as avenue of encryption AND proof you're talking to the real facebook. However, Wifi doesn't need the "proof" aspect to encrypt the signal and be a significant improvement over millions of people shouting what they're doing (or at least who they're doing something with) to anyone who wants to know all the time. Furthermore we shouldn't wait for that system to at least stop the shouting. The places it's the biggest issue already have no or well known passwords. Anyone spoofing JimsCoffeeShop already knows the password the same way anyone else trying to connect knows it. They were freely told it. Passwords do very little to verify you're talking to who you think you are either. A MITM still has to fool people, and likely won't fool everyone. Anyone with a packet sniffer simply walking through a room gets to listen to everyone right now.
Bottom line is I really hate this "if we can't solve EVERY issue, we may as well leave as shitty as possible" argument every time this comes up. There's no two steps forward, one step back aspect to encryption by default. It's all upgrade. No, it doesn't solve everything, no it doesn't replace https or VPNS and other end-to-end things, but that isn't the point.
Hubris2 on June 26th, 2018 at 12:47 UTC »
It's been ratified, but how long until this shows up in new routing devices.... how long are existing manufacturers going to take before they start updating? After that, how long until our mobile devices are updated so they can use it?
NicNoletree on June 26th, 2018 at 11:33 UTC »
So even with WPA3 we need to be told "A user should not go and pick 'password' as their password." Unfortunately I know too many people that need this reminder.