Oftentimes, the second version of an application or protocol is better than the first one. Fortunately, this is also the case for WPA2, which is much more secure in comparison with the first version of the Wireless Protected Access (WPA) protocol.
WPA2 was introduced back in 2006, with the goal of boosting the wireless encryption level. In fact, the main reason for WPA2’s introduction was the replacement of the Temporal Key Integrity Protocol (TKIP) encryption mechanism, which had some serious security holes.
It’s true that with WPA2, routers need to work harder, because the advanced encryption algorithms require more computing power. Some people think that this will diminish the speed of the Wi-Fi network, but in my experience the speed loss is minimal, while the security benefits are huge.
Everything started with the WEP protocol, which can now be cracked within minutes using a cleverly built app and a regular smartphone. And the explanation for the protocol encryption weakness is quite simple: the encryption key is transmitted together with each data packet. This means that if people have access to enough data packets (read “time at their disposal”) they can easily find out the wireless network password. Many use high gain antennas, plug them into their laptops using standard Wi-Fi antenna cables, and then are able to connect to networks that are hundreds of yards away.
WPA, the next iteration of the Wi-Fi security protocol, offered TKIP encryption, scrambling the encryption key and verifying its integrity on a regular basis. It was a much better option, but still not good enough, because TKIP is vulnerable. But with WPA2, TKIP was replaced with the much stronger AES encryption protocol.
It may sound weird, but some routers are able to support the WPA2 protocol in conjunction with the AES/TKIP combo. This way, the router will be able to serve even older clients, which are unable to connect using the newer AES protocol.
The most widely used WPA2 key type is the PSK (pre-shared key), a mode also known as “WPA2 Personal”. This key can have a length of up to 64 digits.
So, if your router is configured to run using the WPA protocol, it’s time to switch it to WPA2. And if it doesn’t support WPA2, it’s time to replace it with a modern router – if you care about your network’s integrity and security, of course.
Truth be told, some WPA routers are able to speak AES as well. These routers were released on the market before the WPA2 standard was finalized, and they may do the job, protecting your Wi-Fi password from prying eyes. It’s important to verify if all the network clients support the WPA-AES mode, though. A diagram which shows a part of the encryption mechanism is displayed below.
So, is WPA2 the best security protocol out there? The answer is a firm YES! And yet, there is an issue with the second version of WPA – and it’s a big one!
A WPA2-exclusive feature called Wi-Fi Protected Setup (WPS) can cause serious security problems. WPS was designed with the goal of simplifying the process of connecting a client to the Wi-Fi network. Simply push a button on the router and another one on the new device, and the new client will be automatically connected to the network! Isn’t that nice?
But if your router’s WPS is activated, a hacker who has discovered the WPS PIN will be able to find out the WPA2 key without too much effort. Basically, you are trading a complex, hard-to-break password for a much easier-to-guess WPS PIN.
This is the main reason why I will never enable WPS on any of my routers. I strongly recommend that you do the same, even if you will have to add each new client to the network manually, connecting it to the network and inputting the requested password.
It’s a process that may take a minute or so per device, but it will allow you to sleep well at night, knowing that your files and shared resources are 100% secure.