Look for Wi-Fi Alliance Certification to Ensure Upgraded Security
Before diving into the improvements in WPA3, it’s important to be clear about where WPA3 will and won’t be available. First, take a closer look at Wi-Fi 5 and Wi-Fi 6: The terms were coined by the Wi-Fi Alliance, an industry consortium. Most IT managers use Wi-Fi 6 as a synonym for IEEE 802.11ax, the technical name given to the standard by the Institute of Electrical and Electronics Engineers (similarly, Wi-Fi 5 is the common name for IEEE 802.11ac). However, there are differences: The Wi-Fi Alliance has selected certain options and features and made a particular profile in the name of interoperability. The same is true with WPA3, which is not entirely required by 802.11ax but is required by the Wi-Fi Alliance.
The Wi-Fi Alliance certifies all Wi-Fi hardware from major vendors, especially in the U.S. Wi-Fi Alliance certification on access points guarantees good interoperability with most client devices, such as laptops, smartphones and tablets.
Anything certified by the Wi-Fi Alliance since 2020 will have WPA3, because it was added as a requirement, not just for new 802.11ax (Wi-Fi 6) but also any new 802.11ac (Wi-Fi 5) access points. What this means is that WPA3 comes with Wi-Fi 6 and any recently released Wi-Fi 5 products, but may also be available as an upgrade to existing Wi-Fi 5 equipment. Because all major Wi-Fi vendors in the U.S. are certified by the Wi-Fi Alliance, it’s helpful to focus on the WPA3 features that the organization has mandated.
WPA3 Strengthens Encryption for Every Connection
One base requirement for WPA3 is the use of the Protected Management Frames standard. PMF changes how Wi-Fi networks operate to guard against some types of attacks, including evil twin access points and forged disconnect messages. In a K-12 environment, for example, PMF within WPA3 will prevent a mischievous student from taking down the classroom Wi-Fi network as a prank.
WPA3 also improves security of encrypted data sent over the air. Each Wi-Fi network can have one of three types of WPA protection:
- Open, meaning no password required to connect
- WPA Personal, in which everyone uses the same password to connect to the network
- WPA Enterprise, in which each user has a unique username and password for connecting to the network
Newer Wi-Fi security standards are designed to improve the security of all three.
Under WPA3, WPA Personal uses a new dynamic encryption key for each Wi-Fi connection, so the data can’t be decrypted even if the shared password is known by an attacker. In K-12 environments, Wi-Fi often uses WPA Personal, so improving this type of security brings big benefits to education networks.
WPA Enterprise has always had per-user encryption keys for Wi-Fi data, but WPA3 requires stronger encryption for every connection. WPA3 also has an optional feature to significantly extend the key length used in encryption, further reducing the likelihood that someone recording a Wi-Fi connection will be able to decrypt the data in the future.
For K-12 IT teams, one of the most interesting features bundled in with WPA3 products is an internet standard known as Opportunistic Wireless Encryption, which the Wi-Fi Alliance calls Wi-Fi Certified Enhanced Open. The goal of OWE is to encrypt all wireless communications, even if no password is used to connect to the wireless network.
With OWE, every client automatically and transparently negotiates an individual encryption key with the access point, dramatically reducing the risk of someone eavesdropping on the Wi-Fi network. OWE is not part of the Wi-Fi Alliance’s WPA3 requirements, so devices supporting OWE have a separate Enhanced Open certification. Unfortunately, Enhanced Open is not yet widely supported in client devices.
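As an added illustration (not part of the original article), the protections described above can be checked from the RSN element an access point advertises in its beacons. The sketch assumes the standard IEEE 802.11 RSN element layout and AKM suite numbers; the function names and sample bytes are constructed for this example.

```python
import struct

# AKM (key management) suite types under the IEEE 802.11 OUI 00-0F-AC.
OUI = b"\x00\x0f\xac"
AKM = {
    1: "Enterprise (802.1X)", 5: "Enterprise (802.1X)",
    2: "WPA2-Personal (PSK)", 6: "WPA2-Personal (PSK)",
    8: "WPA3-Personal (SAE)", 18: "Enhanced Open (OWE)",
}
# Constructed sample RSN elements (not captured from a real network).
SAMPLE_WPA3 = bytes.fromhex("3014 0100 000fac04 0100 000fac04 0100 000fac08 c000")
SAMPLE_TRANSITION = bytes.fromhex("3018 0100 000fac04 0100 000fac04 0200 000fac02 000fac08 8000")
SAMPLE_OWE = bytes.fromhex("3014 0100 000fac04 0100 000fac04 0100 000fac12 c000")

def parse_rsn(ie: bytes) -> dict:
    """Parse one RSN element (ID 48): advertised key management and PMF state."""
    if len(ie) < 2 or ie[0] != 48 or len(ie) < 2 + ie[1]:
        raise ValueError("not a complete RSN element")
    body, pos = ie[2:2 + ie[1]], 0

    def take(n):
        nonlocal pos
        if pos + n > len(body):
            raise ValueError("truncated RSN element")
        chunk = body[pos:pos + n]
        pos += n
        return chunk

    def suites():
        (count,) = struct.unpack("<H", take(2))
        return [take(4) for _ in range(count)]

    take(6)    # version (2 bytes) + group cipher suite (4 bytes)
    suites()   # pairwise cipher suites, not needed for this check
    akms = [AKM.get(s[3], f"other({s[3]})") for s in suites() if s[:3] == OUI]
    caps = struct.unpack("<H", take(2))[0] if pos < len(body) else 0
    # RSN capabilities: bit 6 = PMF required (MFPR), bit 7 = PMF capable (MFPC).
    pmf = "required" if caps & 0x0040 else "optional" if caps & 0x0080 else "off"
    return {"akm": akms, "pmf": pmf}

def audit(ie: bytes) -> list:
    """List gaps against the protections the article attributes to WPA3."""
    info, findings = parse_rsn(ie), []
    if info["pmf"] != "required":
        findings.append("PMF is " + info["pmf"] + ", not required")
    if any("PSK" in a for a in info["akm"]):
        findings.append("WPA2-Personal (PSK) still offered")
    return findings
```

An empty list from audit() means the network requires PMF and offers no shared-password fallback; the transition sample shows what a mixed WPA2/WPA3 deployment looks like to the same check.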