The Wi-Fi Alliance, a consortium that certifies Wi-Fi products, has announced the next-generation network security protocol for Wi-Fi communication, dubbed Wi-Fi Protected Access 3 (WPA3 for short).
Although reported as vulnerable, the WPA2 protocol used by billions of devices worldwide “continues to provide reliable security,” according to the Alliance.
The organization – whose members include tech giants like Apple, Intel and Microsoft – issued a press release on Monday announcing key enhancements and new features for Wi-Fi Protected Access (WPA). The enhancements are to be deployed both for the current WPA2 implementation, and as part of the new WPA3.
Since WPA2 will still be deployed for years to come (as aligning everyone to the yet-unreleased WPA3 will take a considerable amount of time), the Wi-Fi Alliance plans to keep improving WPA2 “to ensure it delivers strong security protections to Wi-Fi users as the security landscape evolves.”
As some readers will remember, a researcher from the University of Leuven last year discovered a critical flaw in the WPA2 standard that left virtually all Wi-Fi-connected devices vulnerable to attack. The standard is still not bulletproof, but the Alliance pledges to strengthen it with:
- Protected Management Frames to maintain the resiliency of mission-critical networks
- Testing enhancements to reduce the potential for vulnerabilities due to network misconfiguration
- Centralized authentication services to safeguard managed networks
As part of the WPA3 deployment (the launch date is yet to be set, apparently), four major enhancements will benefit regular users and service providers alike.
Two of them will ensure robust protections even when users choose “passwords that fall short of typical complexity recommendations,” while simplifying the configuration process for devices with limited, or no, interfaces.
Through individualized data encryption, WPA3 will further strengthen privacy in open networks, while a 192-bit security suite will protect Wi-Fi networks with higher security requirements (i.e. government networks).
This is a Security Bloggers Network syndicated blog post authored by Filip Truta. Read the original post at: HOTforSecurity