WPA-Enterprise is a security protocol for Wi-Fi networks. It is often used when security and scalability are particularly important, such as in business or agency networks.
While WPA-Enterprise is more secure than the WPA-Personal, it is also more difficult to implement. As a result, WPA-Personal is the security protocol of choice for consumer Wi-Fi routers, such as the ones supplied to households by internet service providers.
How WPA-Enterprise works
For authentication, WPA-Enterprise uses the Extensible Authentication Protocol (EAP). The EAP is not tied to a single authentication mechanism — the administrator can choose the method (such as password verification or digital certificates) that best matches the needs of the network.
When a user attempts to connect, the authentication check is performed by a RADIUS (Remote Authentication Dial-In User Service) server. This server verifies the provided credentials using the chosen EAP method and, if the user’s credentials are in order, notifies the access point to let them in.
WPA-Enterprise can encrypt network traffic using either the Temporal Key Integrity Protocol (TKIP) or the Advanced Encryption Standard (AES). WPA-Enterprise rotates the encryption keys periodically for security purposes — this means that if attackers intercept network traffic, they don’t have long to decrypt the data.