WLAN encryption is a key issue when it comes to security in your own network with a router. First of all, WEP was the first approach to encryption. WPA corrected its worst errors and further developed it with WPA2 in 2004. Does it all sound confusing at first? And what role does WPS play? We explain all terms and differences below.
What is WPS?
WPS stands for WiFi Protected Setup and describes a standard for adding devices to an encrypted network. You can integrate different WLAN clients into the wireless network by pressing a button on the router, entering a PIN or NFC. This makes typing passwords in manually redundant. The WPS standard was established in 2007 by the Wi-Fi Alliance (WFA).
The technology describes an auxiliary system with which devices are integrated into the wireless network. In contrast, WPA is an encryption method for a wireless network. In the next section you will learn in more detail what WPA is and which improvements WPA2 brings with it.
What are WPA and WPA2?
WPA is an encryption method for WLAN networks and stands for WiFi Protected Access . After Wired Equivalent Privacy ( WEP ) had proven to be insecure, WPA was established as its successor.
WPA contains the architecture of WEP, but brings additional protection through dynamic keys. These are based on the Temporal Key Integrity Protocol (TKIP). So-called pre-shared keys (PSK) are used here to authenticate participants, which means something like a key that was previously agreed upon together. In terms of security, WPA was a crucial update to WEP. However, German scientists managed to bypass the security mechanism in WPA-secured networks within 15 minutes. A lecture at PanSec 2008 showed how fast corrugators can be cracked. For these reasons, security experts have recommended switching to WPA2 as soon as possible.
Since 2004 the WFA has been marketing the process standardized as 802.11i as WPA2 which is now preset at the factory for almost all devices. You will no longer find a router delivered with WLAN functionality without a password in this form. The main change from WPA to WPA2 is the use of the Advanced Encryption Standard ( AES ). This encryption standard offers additional protection against attacks.
The primary goal is always to protect your WLAN from hackers. But WPA2 also has weak points. In particular, an attack method called "KRACK" became famous in 2017..
The next generation of WLAN security: WPA3
The successor to WPA2 is WPA3 and was adopted by the WFA as a new security standard in 2018. In addition to significant improvements in authentication and encryption, WPA3 also eliminates the KRACK security gap. This is circumvented using a new type of handshake procedure. With this new handshake, WPA3 supports "Forward Secrecy". This means that old data traffic cannot be decrypted retrospectively - not even if the password is known at a later point in time. This is not the case with WPA2. WiFi Protected Access 3 also uses 192-bit encryption and thus offers the highest security standards.
Nevertheless, the same applies to WPA3: A network can meet the highest encryption standards, but without a secure password it will always be vulnerable to brute force attacks. We therefore recommend using a password that is long enough. Processes such as diceware with a high entropy are particularly suitable.
