WEP, WPA, WPA2, and WPA3: Differences explained
WEP, WPA, WPA2, and WPA3 are Wi-Fi security protocols that prevent unauthorized access and eavesdropping on wireless networks. They protect your data sent over a Wi-Fi network by encrypting it so that intruders can’t read it. But how do these four Wi-Fi security protocols differ? Read on to find out.
Table of Contents
Table of Contents
What is WEP?
Wired Equivalent Privacy (WEP) is the first security protocol, introduced in 1997, to secure the data on wireless networks. WEP’s goal is to secure wireless communications by encrypting it and prevent cyberattacks.
WEP encrypts web traffic using 64- and 128-bit encryption keys. These keys allow you to connect to a wireless-security-enabled network. WEP uses static keys, which means that each authorized system on the same network receives and exchanges encrypted messages using the same key. The content of the messages remains hidden from intruders who do not have the key.
Over time, hackers discovered security flaws in the WEP security standard. As computing power increased, they could more easily crack the encryption and gain access to the Wi-Fi networks secured with the WEP protocol. Cybersecurity experts no longer recommend using WEP. Instead, they recommend WPA and its upgrades, which offer better security benefits.
What is WPA?
Wi-Fi Protected Access (WPA) is an improved encryption standard for Wi-Fi network protection, released in 2003. It was developed for better data encryption and user authentication on wireless networks and addressed the static key vulnerability found in WEP.
Unlike WEP that encrypts each transferred package using the same static key, WPA uses the Temporal Key Integrity Protocol (TKIP), which generates a new key for each packet transmitted over the network. When the key changes each time, attackers have less information available to them, which makes it more difficult for them to hijack a data package. TKIP prevents intruders from creating their own keys that match the one used on the wireless network. WPA uses a 128-bit encryption key and includes message integrity checks to determine if an intruder has intercepted and altered data packets. However, despite these security upgrades, hackers have found ways to exploit WPA, which led to WPA2.
By the way, does the phrase “WPA key” sound familiar? Don’t be surprised if it does — a WPA key is the password you use to connect to your wireless network. Usually, you can find your default Wi-Fi password on the back of your router. You can — and should — change your default router password to a stronger one to protect your network from cyberthreats, such as the man-in-the-middle attack.
What is WPA2?
WPA2 is an improved version of the WPA wireless security protocol. Introduced in 2004, WPA2 has been widely adopted and is considered the industry standard for securing Wi-Fi networks. Most routers and Wi-Fi connections use WPA2. Its main improvements include:
- Stronger encryption. WPA2 uses the Advanced Encryption Standard (AES). AES is more secure than RC4, the encryption standard used in TKIP and WEP. The Counter Mode with Cipher Block Chaining Message Authentication Code Protocol (CCMP) is also used to verify the integrity of encrypted packages.
- Robust authentication. WPA2 operates in two modes, personal and enterprise. Personal mode or the Pre-Shared Key (PSK) relies on a shared passcode or key known to both the access point and the client device. It’s typically used for home network security. Enterprise mode uses the more advanced Extensible Authentication Protocol (EAP) and utilizes an authentication server and individual credentials for each user or device. Enterprise mode is best suited to companies and businesses.
What is WPA3?
WPA3 is the latest and most secure of the Wi-Fi Protected Access security protocols. Released in 2018, WPA3 adds extra security to both personal and enterprise modes. It addresses the KRACK (key reinstallation attacks) vulnerability discovered in WPA2 in 2017. WPA3’s security benefits include:
- Stronger data encryption. WPA3 uses individualized data encryption to improve the security and privacy of Wi-Fi networks. Each data transmission is encrypted using its own unique encryption key. If an attacker intercepted encrypted traffic, they would face a severely complex task of decrypting each individual transmission separately. WPA3 uses longer encryption keys: a 192- key for personal mode and a 256-bit key for enterprise mode.
- Simultaneous Authentication of Equals (SAE) protocol. In WPA3, AES is implemented using the SAE protocol that provides better protection against offline attacks and password-guessing attempts by using stronger cryptographic algorithms and a more secure key exchange method. Features like this make wardriving and other hacker tactics less effective.
- Improved brute force attack protection. WPA3 protects you from dictionary attacks and brute force attacks in which hackers use the trial-and-error method to crack your Wi-Fi passwords, login credentials, and encryption keys.
Even though WPA3 provides the best wireless security compared to its predecessors, it is not yet dominant for a few reasons:
- Device incompatibility. WPA3 is a relatively recent Wi-Fi security standard, so many existing devices like smartphones, laptops, and IoT devices do not support it.
- Lack of infrastructure support. In many cases, if you want to upgrade to WPA3, you have to buy new hardware, for example, a new wireless router compatible with WPA3, which discourages many users.
- A lengthy transition period. All Wi-Fi security protocols experience a transition period, during which networks have to support backwards compatibility with devices that support older protocols. WPA3’s transition has been slow.
- User awareness. Many Wi-Fi users do not know about different security protocols and specifically about the differences between WPA, WPA2, and WPA3. With little consumer demand for routers and other devices compatible with WPA3, manufacturers are in no rush to offer WPA3 compatibility.
WEP vs. WPA vs. WPA2 vs. WPA3
Wireless security protocols WEP, WPA, WPA2, and WPA3 have the same goal — to protect wireless networks from unauthorized access. While WEP does that by providing basic encryption for wireless networks, WPA, WPA2, and WPA3 aim to improve the security of wireless connections by introducing stronger encryption and authentication methods as displayed in the table below:
Wi-Fi security protocol | Key management approach | Encryption size | Protocols used |
---|---|---|---|
WEP | Static keys | 64-, or 128-bit | RC4 (Rivest Cipher 4) |
WPA | Dynamic keys | 128-bit | RC4 (Rivest Cipher 4) |
WPA2 | Dynamic keys | 128-bit or 265-bit | AES (Advanced Encryption Standard) using CCMP (Counter Mode with Cipher Block Chaining Message Authentication Code Protocol) |
WPA3 | Dynamic keys (unique keys, individualized data encryption) | 192- and 256-bit | GCM (Galois-Counter Mode) using SAE (Simultaneous Authentication of Equals) |
To sum up, WEP is an outdated Wi-Fi security protocol that you should avoid. WPA is a replacement for WEP and uses stronger encryption. Currently, WPA2 is the dominant wireless security protocol. Most current devices, including smartphones, laptops, and wireless routers, have built-in support for WPA2. Even though WPA3 is the most advanced security protocol, it has not yet spread as wide as WPA2 mostly due to compatibility issues.
Which wireless network security protocol should I choose?
You should choose the most current and most secure wireless security protocol, but take into account your device compatibility. Consider these points before making a choice:
- Go for the most secure protocol — WPA3 — if your network infrastructure supports it, because WPA3 addresses the vulnerabilities present in the previous protocols. Check your router and other devices to see which Wi-Fi security protocols they support. Make sure that the protocol you choose is compatible with your devices.
- Choose WPA2 if your network does not support WPA3. WPA2 uses strong encryption and security features, and it is supported by most devices used at home and in corporate environments. If possible, try to avoid using WEP and WPA.
- Keep an eye out for the latest industry standards and recommendations for Wi-Fi security protocols and the most secure routers to make sure you choose the best one for you.
How to find out which wireless network security protocol I am using
If you are concerned about your wireless security, check your devices to see which security protocol they are using. You can follow these easy instructions for Windows 10, Windows 11, Android, and macOS devices.
Find out your Wi-Fi security type for Windows 10
- Click on the network icon on the bottom right corner of the screen.
- A list of available Wi-Fi networks will appear. Locate the network you are currently connected to and right-click on it.
- In the menu, select “Properties.” The Wi-Fi network’s properties window will open.
- In the properties window, find the “Security” tab.
- Under the “Security” tab, locate a section called “Security type” or “Encryption type.” There you will see the security protocol used by the Wi-Fi network.
Find out your Wi-Fi security type for Windows 11
- Click on the network icon on the bottom right corner of the screen.
- A list of available Wi-Fi networks will appear. Locate the network you are currently connected to and right-click on it.
- In the menu, select “Properties.” The Wi-Fi network’s properties window will open.
- In the properties window, you will see a section called “Network and internet settings.” Click on the link that says “Network and internet settings.”
- In the window that opens, in the left sidebar, click on “Wi-Fi.”
- Under the “Wi-Fi” settings, you will see the Wi-Fi network you are connected to. Click on the network name.
- This will open the network settings window. Scroll down to the “Properties” section.
- There you will find a field called “Security type” or “Encryption type.” This field will display the Wi-Fi security protocol used by the network.
Find out your Wi-Fi security type for Android
- Open “Settings” on your Android phone. You can usually find it among your other apps or by swiping down from the top of the screen and tapping the gear icon.
- In the “Settings” menu, look for the “Wi-Fi” or “Network & internet” option and tap on it.
- You will see a list of available Wi-Fi networks. Find the network you are currently connected to and tap on it.
- A network details screen will appear, showing information about the selected Wi-Fi network.
- Look for the “Security” or “Security type” field. This field will display the Wi-Fi security protocol used by the network.
Find out your Wi-Fi security type for macOS
- Press and hold the “Option” (⌥) key.
- Click on the Wi-Fi icon in the toolbar.
- This will show your network details, including your Wi-Fi security type.
Using an advanced security protocol and changing your Wi-Fi password to a unique one will improve your Wi-Fi security, but you can also add an extra layer of protection with a VPN. It will hide your IP address and route your traffic through an encrypted tunnel. A VPN is especially useful for avoiding dangers of public Wi-Fi because you can never be sure if some snooper is not trying to sneak a peek into your online activities or intercept your data.