WPA2 is more secure than its predecessor, WPA (Wi-Fi Protected Access), and should be used whenever possible. Wireless routers support multiple security protocols to secure wireless networks, including WEP, WPA and WPA2. Of the three, WPA2 is the most secure, as this comparison explains.
|Stands For||Wi-Fi Protected Access||Wi-Fi Protected Access 2|
|What Is It?||A security protocol developed by the Wi-Fi Alliance in 2003 for use in securing wireless networks; designed to replace the WEP protocol.||A security protocol developed by the Wi-Fi Alliance in 2004 for use in securing wireless networks; designed to replace the WEP and WPA protocols.|
|Methods||As a temporary solution to WEP's problems, WPA still uses WEP's insecure RC4 stream cipher but provides extra security through TKIP.||Unlike WEP and WPA, WPA2 uses the AES standard instead of the RC4 stream cipher. CCMP replaces WPA's TKIP.|
|Secure and Recommended?||Somewhat. Superior to WEP, inferior to WPA2.||Yes, though more secure when Wi-Fi Protected Setup (WPS) is disabled.|
If a router is left unsecured, someone can steal your internet bandwidth, carry out illegal activities through your connection (and therefore in your name), monitor your internet activity, and install malicious software on your network. WPA and WPA2 are meant to protect wireless internet networks from such mischief by securing the network from unauthorized access.
Security Quality and Encryption
WEP and WPA use RC4, a software stream cipher algorithm that is vulnerable to attack. Thanks to WEP's use of RC4, small key sizes, and poor key management, cracking software is able to break past WEP security within minutes.
WPA was developed as a temporary solution to WEP's many shortcomings. However, WPA is still vulnerable because it is based on the RC4 stream cipher; the main difference between WEP and WPA is that WPA adds an extra security protocol to the RC4 cipher known as TKIP. But RC4 by itself is so problematic that Microsoft has urged users and companies to disable it when possible and rolled out an update in November 2013 that removed RC4 from Windows altogether.
Unlike its predecessors, WPA2 makes use of Advanced Encryption Standard (AES) and CCMP, a TKIP replacement. No devices or operating systems updated prior to 2004 can meet these security standards. As of March 2006, no new hardware or device can use the Wi-Fi trademark without recognizing the WPA2 certification program.
AES is so secure that it could potentially take millions of years for a supercomputers' brute-force attack to crack its encryption. However, there is speculation, partially based on Edward Snowden's leaked National Security Agency (NSA) documents, that AES does have at least one weakness: a backdoor that might have been purposely built into its design. Theoretically, a backdoor would allow the U.S. government to gain access to a network more easily. With AES encryption serving as the backbone of WPA2 security and many other security measures for the internet, the potential existence of a backdoor is cause for great concern.
Security measures can reduce the data speeds, or throughput, you are able to achieve in your local network. However, the security protocol you choose can dramatically change your experience. WPA2 is the fastest of the security protocols, while WEP is the slowest. The video below is of a series of performance tests that showcase the different throughput each security protocol can achieve.
WPA2 Personal vs. WPA2 Enterprise
Wireless routers usually offer two forms of WPA2: "Personal" and "Enterprise." Most home networks only have need for the personal setting. The video below describes the more technical differences between these two modes.
How to Secure a Wi-Fi Network
The following video briefly explains how to select a security protocol in a Linksys router's settings.
While WPA2 is superior to WPA and far superior to WEP, your router's security may ultimately depend on whether you use a strong password to secure it. This video explains how to create a strong password that is easy to remember.
You can also generate a random password. Password generators like Norton Password Generator and Yellowpipe Encryption Key Generator create a random string of characters with a mix of capitalization, numbers, punctuation, etc. These are the most secure passwords, especially when they are longer and include special characters, but they are not easy to remember.
Disadvantages of Wi-Fi Protected Setup (WPS)
In 2011, researchers from the U.S. Department of Homeland Security released an open source tool called Reaver that demonstrated a vulnerability in routers that use Wi-Fi Protected Setup, or WPS, a standard used to make router setup easier for the average user. This vulnerability can allow brute-force attackers to gain access to network passwords, regardless of WPA or WPA2 use.
If your router uses WPS (not all do), you should turn this feature off in your settings if you are able to do so. However, this is not a complete solution, as Reaver has been able to crack network security on routers with the WPS feature, even when it is turned off. The best, most secure solution is to use a router that has WPA2 encryption and no WPS feature.
- About WPA (Wi-Fi Protected Access) - Comcast
- Create secure passwords to keep your identity safe - Mozilla Support
- Estimated cost to make a brute-force WPA2 attack feasible - Information Security Stack Exchange
- The evolution of wireless security in 802.11 networks: WEP, WPA, and 802.11 standards (PDF) - SANS
- Has the NSA broken SSL? TLS? AES? - ZDNet
- Has the NSA really broken "strong" encryption? - PC Pro
- How the NSA Almost Killed the Internet - Wired
- How to Crack a Wi-Fi Network's WPA Password With Reaver - Lifehacker
- Researchers publish open-source tool for hacking WiFi Protected Setup - Ars Technica
- SSL/TLS broken again—A weakness in the RC4 stream cipher - Cryptanalysis
- Understanding the updated WPA and WPA2 standards - ZDNet
- Understanding WEP, WPA, and WPA2 - Professor Messer on YouTube
- Update for Disabling RC4 - Microsoft Security Advisory
- What is WPA2? - About.com Wireless/Networking
- Why Wireless Router / Gateway Security is So Important As Part of Your Security System - SUPERAntiSpyware Blog
- Wireless Witch: How to Test Your Wireless Performance - PCMag
- WPA - About.com Wireless/Networking
- WPA2 Security Now Mandatory for Wi-Fi Certified Products - Wi-Fi Alliance
- Wikipedia: IEEE 802.11i-2004
- Wikipedia: Institute of Electrical and Electronics Engineers
- Wikipedia: Wi-Fi Protected Access
- Wikipedia: Wired Equivalent Privacy