WPA2 is more secure than its predecessor, WPA (Wi-Fi Protected Access), and should be used whenever possible. Wireless routers support multiple security protocols to secure wireless networks, including WEP, WPA and WPA2. Of the three, WPA2 is the most secure, as this comparison explains.

Comparison chart

WPA versus WPA2 comparison chart
Edit this comparison chartWPAWPA2
Stands For Wi-Fi Protected Access Wi-Fi Protected Access 2
What Is It? A security protocol developed by the Wi-Fi Alliance in 2003 for use in securing wireless networks; designed to replace the WEP protocol. A security protocol developed by the Wi-Fi Alliance in 2004 for use in securing wireless networks; designed to replace the WEP and WPA protocols.
Methods As a temporary solution to WEP's problems, WPA still uses WEP's insecure RC4 stream cipher but provides extra security through TKIP. Unlike WEP and WPA, WPA2 uses the AES standard instead of the RC4 stream cipher. CCMP replaces WPA's TKIP.
Secure and Recommended? Somewhat. Superior to WEP, inferior to WPA2. Yes, though more secure when Wi-Fi Protected Setup (WPS) is disabled.

Purpose

If a router is left unsecured, someone can steal your internet bandwidth, carry out illegal activities through your connection (and therefore in your name), monitor your internet activity, and install malicious software on your network. WPA and WPA2 are meant to protect wireless internet networks from such mischief by securing the network from unauthorized access.

Security Quality and Encryption

WEP and WPA use RC4, a software stream cipher algorithm that is vulnerable to attack. Thanks to WEP's use of RC4, small key sizes, and poor key management, cracking software is able to break past WEP security within minutes.

WPA was developed as a temporary solution to WEP's many shortcomings. However, WPA is still vulnerable because it is based on the RC4 stream cipher; the main difference between WEP and WPA is that WPA adds an extra security protocol to the RC4 cipher known as TKIP. But RC4 by itself is so problematic that Microsoft has urged users and companies to disable it when possible and rolled out an update in November 2013 that removed RC4 from Windows altogether.

The Wi-Fi Alliance logo

Unlike its predecessors, WPA2 makes use of Advanced Encryption Standard (AES) and CCMP, a TKIP replacement. No devices or operating systems updated prior to 2004 can meet these security standards. As of March 2006, no new hardware or device can use the Wi-Fi trademark without recognizing the WPA2 certification program.

AES is so secure that it could potentially take millions of years for a supercomputers' brute-force attack to crack its encryption. However, there is speculation, partially based on Edward Snowden's leaked National Security Agency (NSA) documents, that AES does have at least one weakness: a backdoor that might have been purposely built into its design. Theoretically, a backdoor would allow the U.S. government to gain access to a network more easily. With AES encryption serving as the backbone of WPA2 security and many other security measures for the internet, the potential existence of a backdoor is cause for great concern.

Encryption Speed

Security measures can reduce the data speeds, or throughput, you are able to achieve in your local network. However, the security protocol you choose can dramatically change your experience. WPA2 is the fastest of the security protocols, while WEP is the slowest. The video below is of a series of performance tests that showcase the different throughput each security protocol can achieve.

WPA2 Personal vs. WPA2 Enterprise

Wireless routers usually offer two forms of WPA2: "Personal" and "Enterprise." Most home networks only have need for the personal setting. The video below describes the more technical differences between these two modes.

How to Secure a Wi-Fi Network

The following video briefly explains how to select a security protocol in a Linksys router's settings.

Strong Passwords

While WPA2 is superior to WPA and far superior to WEP, your router's security may ultimately depend on whether you use a strong password to secure it. This video explains how to create a strong password that is easy to remember.

You can also generate a random password. Password generators like Norton Password Generator and Yellowpipe Encryption Key Generator create a random string of characters with a mix of capitalization, numbers, punctuation, etc. These are the most secure passwords, especially when they are longer and include special characters, but they are not easy to remember.

Disadvantages of Wi-Fi Protected Setup (WPS)

In 2011, researchers from the U.S. Department of Homeland Security released an open source tool called Reaver that demonstrated a vulnerability in routers that use Wi-Fi Protected Setup, or WPS, a standard used to make router setup easier for the average user. This vulnerability can allow brute-force attackers to gain access to network passwords, regardless of WPA or WPA2 use.

If your router uses WPS (not all do), you should turn this feature off in your settings if you are able to do so. However, this is not a complete solution, as Reaver has been able to crack network security on routers with the WPS feature, even when it is turned off. The best, most secure solution is to use a router that has WPA2 encryption and no WPS feature.

References

Share this comparison:

If you read this far, you should follow us:

"WPA vs WPA2." Diffen.com. Diffen LLC, n.d. Web. 3 Dec 2016. < >