Most wireless networks should use either WPA, WPA2, or the most secure, WPA3.
How it works
WPA operates in either WPA-PSK mode (a.k.a. Pre-Shared Key or WPA-Personal) or WPA-802.1X mode (a.k.a. RADIUS or WPA-Enterprise). In Personal mode, a pre-shared key or passphrase is used for authentication. In Enterprise mode, which is more difficult to configure, 802.1X RADIUS servers and an Extensible Authentication Protocol (EAP) are used for authentication.
The enhanced WPA2 uses Advanced Encryption Standard (AES) instead of Temporal Key Integrity Protocol (TKIP) to provide a stronger encryption mechanism. WPA3, the latest, is even more secure than WPA2 and uses Simultaneous Authentication of Equals (SAE) encryption. WPA3 can only be used by WiFi devices that support WPA3.
WPA-PSK isn't much more difficult to configure than the older WEP, but still isn't available on some older products. All computers, access points, and wireless adapters must use the same type of security.
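An added example, not part of the original page: a small Python audit that reads network blocks in wpa_supplicant.conf syntax and reports which ones still accept WEP, original WPA, or TKIP, including through wpa_supplicant's defaults when a field is omitted. The sample configuration, SSIDs, secrets and function names are constructed for illustration.

```python
import re

# Constructed sample in wpa_supplicant.conf syntax; SSIDs and secrets are made up.
SAMPLE_CONF = """
network={
    ssid="lab-legacy"
    key_mgmt=NONE
    wep_key0="abcde"
}
network={
    ssid="office-defaults"
    psk="constructed passphrase"
}
network={
    ssid="office-wpa3"
    proto=RSN
    key_mgmt=SAE
    pairwise=CCMP
    sae_password="constructed passphrase"
}
"""

# Values wpa_supplicant assumes when a network block omits the field.
DEFAULTS = {"proto": "WPA RSN", "key_mgmt": "WPA-PSK IEEE8021X", "pairwise": "CCMP TKIP"}

def parse_networks(conf):
    """Return one {setting: value} dict per network={...} block."""
    blocks = re.findall(r"network=\{(.*?)\n\}", conf, re.S)
    return [{k: v.strip('"') for k, v in re.findall(r"^\s*(\w+)=(.*?)\s*$", b, re.M)}
            for b in blocks]

def audit(net):
    """List the weaker protections a block still accepts, defaults included."""
    eff = {k: net.get(k, d).upper().split() for k, d in DEFAULTS.items()}
    if "NONE" in eff["key_mgmt"]:
        return ["no WPA: open or WEP"]
    findings = []
    if "WPA" in eff["proto"]:      # "WPA2" is an alias for RSN and is not matched
        findings.append("original WPA accepted")
    if "TKIP" in eff["pairwise"]:
        findings.append("TKIP accepted")
    return findings

def audit_conf(conf):
    return {n["ssid"]: audit(n) for n in parse_networks(conf)}

if __name__ == "__main__":
    for ssid, findings in audit_conf(SAMPLE_CONF).items():
        print(f"{ssid}: {', '.join(findings) or 'RSN with AES-CCMP only'}")
```

The block with only an SSID and passphrase is the one to watch: because nothing pins `proto` or `pairwise`, it still accepts original WPA with TKIP.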
Advantages of WPA
- Provides extremely strong wireless security.
- Adds authentication to WEP's basic encryption.
- Offers backward-compatible WEP support for devices that aren't upgraded.
- Integrates with RADIUS servers to allow administration, auditing and logging.
Disadvantages of WPA
- Except when used with a pre-shared key (WPA-PSK), setup is complicated and unsuitable for typical home users.
- Older firmware usually will not be upgraded to support it.
- Incompatible with older operating systems such as Windows 95.
- Greater performance overhead than WEP.
- Remains vulnerable to Denial of Service attacks.
Facts about WPA
- To use WPA, all computers, access points and wireless adapters must have WPA software.
- WPA was introduced in 2003. To run WPA between two computers, both must have WPA software, as well as all access points and wireless adapters between them. Equipment older than 2003 will often not be upgradable.
- WPA offers two significant advantages over WEP:
  - An encryption key differing in every packet. The TKIP (Temporal Key Integrity Protocol) mechanism shares a starting key between devices. Each device then changes its encryption key for every packet. It's extremely difficult for hackers to read messages - even if they've intercepted the data.
  - Certificate Authentication (CA) can be used, blocking access by a hacker posing as a valid user.
- WPA computers will communicate with WEP encryption, if they can't use WPA with a particular device.
- A Certificate Authority Server is part of the recommended configuration, to allow WPA computers assurance that the computers with whom they share keys are who they claim to be.
- Since WPA adds to packet size, transmission takes longer. The encryption and decryption are slower for devices using software instead of dedicated WPA hardware.
- The EAP types supported by WPA-Enterprise are:
  - EAP-TLS
  - EAP-TTLS/MSCHAPv2
  - PEAPv0/EAP-MSCHAPv2
  - PEAPv1/EAP-GTC (Cisco-based implementation)
  - EAP-SIM