The next generation of Wi-Fi security is now available, with a new certification program for Wi-Fi Protected Access 3 just launched by Wi-Fi Alliance.
Here is a basic introduction to WPA3, in a Q&A with answers provided by Wi-Fi Alliance. Answers have been condensed and lightly edited.
RCR: What is WPA3?
Wi-Fi Certified WPA3 is the next generation of Wi-Fi security for both personal and enterprise networks. WPA3 delivers a suite of features that simplify Wi-Fi security, provide more robust authentication, and deliver increased cryptographic strength. WPA3-Personal provides robust, password-based authentication for personal, such as home, networks. WPA3-Enterprise offers enterprise-grade security for sensitive data networks like those found in government, military, or finance.
RCR: What are some of the significant differences between WPA2 and WPA3?
WFA: WPA3-Personal delivers resistance to offline dictionary attacks for stronger protections against password guessing attempts by third parties and stronger password protections when users choose passwords that fall short of complexity recommendations. WPA3-Personal also provides forward secrecy, protecting data traffic even if a password is later compromised. All of these new capabilities are delivered while requiring no change in the way users connect to a Wi-Fi network.
For WPA3-Enterprise, Wi-Fi Alliance is delivering cryptographic consistency for all Wi-Fi Certified WPA3 devices. WPA3-Enterprise is also delivering an optional 192-bit Security suite that protects networks that are transmitting sensitive data. The security suite delivers new cryptographic components, but also ensures there is no mismatching of components that would weaken security below 192-bit security strength, bringing greater consistency of security protocols. The 192-bit cryptographic strength is particularly important for networks in government, healthcare, or finance.
RCR: How does WPA3 improve Wi-Fi security?
WFA: WPA3 networks use the latest security methods and disallow the use of legacy protocols. For WPA3-Personal, it offers resistance to offline dictionary attacks, protecting users against password guessing attempts by third parties. WPA3-Personal provides protections even if a password falls short in complexity recommendations. Another important point is that it doesn’t require any changes to how users connect with Wi-Fi networks. Consumers will follow the same process of putting in a password but benefit from increased protections in the network. WPA3- Personal also provides forward secrecy, meaning it protects data traffic even if a password is later compromised.
 For WPA3-Enterprise, Wi-Fi Alliance is delivering an optional 192-bit Security suite that protects networks that are transmitting sensitive data. The security suite delivers new cryptographic components, but also ensures there is no mismatching of components that would weaken security below 192-bit security strength, bringing greater consistency of security protocols. The 192-bit cryptographic strength is particularly important for networks in government, healthcare, or finance.Â
RCR: What general timeline do you expect to see for WPA3 development and early deployments? When might we see broad adoption?
WFA: Qualcomm has announced it will support WPA3 across its entire portfolio as soon as this summer. Additional Wi-Fi Alliance members that plan to support WPA3 include Ruckus Networks (now part of ARRIS), Cisco, Broadcom, Aruba (part of Hewlett Packard Enterprise), Intel, Marvell and Silicon Motion, among others. Wi-Fi Alliance expects broad industry adoption of WPA3 by late 2019 in conjunction with the next generation of Wi-Fi based on 802.11ax standard.
RCR: Can you tell us a bit about the Wi-Fi Alliance certification process for WPA3?
WFA: Companies seeking WPA3 certification will go undergo rigorous testing by one of our independent Authorized Test Laboratories. When a product successfully passes testing, the manufacturer or vendor is granted the right to use the Wi-Fi Certified logo. Certification means that a product has been tested in numerous configurations with a diverse sampling of other devices to validate protections and interoperability with other Wi-Fi Certified equipment.
RCR: Are there situations where applying WPA3 doesn’t make sense to apply? What are the options for Wi-Fi security in those cases?
WFA: Wi-Fi Alliance always recommends deploying the latest Wi-Fi security. In scenarios where user authentication is not desired or distribution of credentials impractical, Wi-Fi Enhanced Open (a new certification program from Wi-Fi Alliance announced earlier this month) now provides added data protection. These unauthenticated networks are often deployed in public locations such as local coffee shops and guest networks with a web portal in airports, hotels, and sports arenas. Wi-Fi Enhanced Open offers improved data privacy while maintaining convenience and ease-of-use.