Skip to main content

What is Wi-Fi Protected Access (WPA)?

When we use a wi-fi connection, we send data from our computer to an access point, which then sends it to a server via the internet. The access control of a data stream is only as strong as its weakest link, and the wireless link from your computer to the access point is frequently the weakest link.

While your traffic is in transit between your computer and the access point, it can be sniffed by anyone within range of the wireless signal. Because of these reasons, The IEEE Institute of Electrical and Electronics Engineers published a security protocol for providing secure wireless (Wi-Fi) networks.

The IEEE has published standards for creating a network in which machines can connect wirelessly in 1997. The standard's name is WLAN IEEE 80211. Although wireless connectivity is far better compared to wired connectivity, it has been updated several times since its inception. There was nothing to prevent an attacker from joining a communications system and trying to capture traffic or injecting malicious traffic if there are no protection restrictions in place in a WLAN system.

Wireless Security Protocols

Figure 1. Wireless Security Protocols

Security protocols for confidentiality, integrity, & authentication have been established to solve this concern.

There were three major security protocols for IEEE 802.11

  • Wired Equivalent Privacy (WEP),
  • Wi-Fi Protected Access (WPA),
  • Wi-Fi Protected Access II and then The Wi-Fi Alliance released the fourth protocol,
  • Wi-Fi Protected Access III (WPA3)

to the public on June 25, 2018.

In this article we will explain the Wi-Fi Protected Access (WPA) protocol in the following aspects:

  • What does WPA mean?
  • How does WPA work?
  • What are WPA features?
  • What are the types of WPA?
  • What is the difference between each type?

What does Wi-Fi Protected Access Mean?

WPA (Wi-Fi Protected Access) is a security standard for computer devices that communicate with each other and connect to the internet over a wireless connection.

To protect the Wifi networks an authentication mechanism, simply a password is used. To be able to connect to a Wi-Fi network using our devices such as a laptop, tablet, or smartphone , we must choose a network (SSID)name and enter a valid password.

Because of these security protections, network protocols WEP, WPA, WPA2, and WPA3 are some of the protocols that are used to secure a Wi-Fi network.

Let's look at what security protocols are available to understand the subject more comprehensively.

WEP, or Wired Equivalent Privacy, was developed in 1999 as the first security procedure being used for wireless networks, as well as, as the name implies, wired networks. However, the wireless network was not secure, because it had already been discovered that the WEP 40-bit encryption key was vulnerable and insecure, making it easily hackable. As a result, WEP is no longer used today, and modern wireless routers will not even provide this as an option. So a better security protocol was needed for wireless networks.

WEP was updated due to security vulnerabilities, and then WPA was introduced as a new wi-fi-protected access protocol. This protocol was another wireless security protocol that was developed to tackle the concerns with WEP. WPA is far exceptional to WEP because it uses a stronger encryption method known as TKIP, which stands for Temporal Key Integrity Protocol. TKIP dynamically changes its keys as it is used, ensuring data integrity. Even though WPA is more secure than WEP, we still required more secure solutions due to TKIP's vulnerabilities.

WPA2 was created to be much more secure than WPA. It accomplishes this using the AES, a more secure encryption method. In contrast to WEP and WPA, WPA2 uses the AES standard rather than the RC4 stream cipher. WPA's TKIP is replaced with CCMP.

WPA3 is the next generation of wireless security. According to the official Wi-Fi website, WPA3 was introduced in 2018. WPA3 brings to the market cutting-edge security protocols.

It adds new features to simplify Wi-Fi security and enable more robust authentication, as well as increased protection against password guessing attempts.

We've surrounded a few password-protected security protocols, but there is another wireless security method that doesn't require you to type in a password, and it's known as WPS. WPS stands for Wi-Fi Protected Setup, and it was designed for people that know little about wireless networks to make integrating their devices to a wireless network as simple as possible. There are a few different methods for using WPS, but the button method is the most common. With this method, you can get connected easily by pressing a couple of buttons. WPS is the simplest way to connect to a wireless network, and many manufacturers have developed their wireless equipment with WPS in mind. And this is to make it as simple as possible for their customers to join their device to a wireless network

How Does Wi-Fi Protected Access Work?

We should be careful while connecting to internet access, if the access point asks for a password, it is most likely using encryption. If it is open and doesn't ask for a password, your traffic is vulnerable to sniffing. We need security protocols for a safe internet connection.

If you manage an access point and your devices do not provide WPA3, you should at least set it up to use WPA or WPA2 ( the IEEE 802.11i equivalent.) encryption to encrypt traffic between your computer and the access point.

Each WPA version has two modes of operation

  1. Pre Shared Key (PSK)

Designed for home or small networks, it uses a public pass-phrase for all the users. This system is easy to set up. Unfortunately, if one device is compromised, the password needs to be changed on every device on the network.

  1. Enterprise Modes

Also referred to as WPA-802.1x, it is designed for medium or big networks. This system has a RADIUS server and the clients use their private identifier to connect to the network. This is more difficult compared to the PSK mode setup. However, user-by-user management is possible. If a device is hacked, its access can be revoked without affecting the other devices.

WPA and WPA2 protocols share a common stage of a three-phased initial setup.

3 Phases of WAP and WAP2

Figure 2. 3 Phases of WAP and WAP2

The three phases are:

  1. Discovery

Three messages are sent during the discovery phase. The STA advertises security capabilities and negotiates cipher suites with the AP.

  1. Authentication

In the authentication phase, the STA and AP agree on the master key (MK) and derive the pairwise master key (PMK) based on the MK. In the PSK mode, the MK is obtained from the pre-shared password, but in the enterprise model, the MK is created by the AS and securely provided to the AP and STA through RADIUS and 802.1X, respectively.

  1. Key management

Using the four-way handshake, both parties generate the pairwise temporal key (PTK) and confirm possession of the same PTK. The PTK is unique in each association since it is derived from the PMK and two random numbers are picked by each side for a particular association.

In terms of authentication, WPA and WPA2 are very similar.

Furthermore, even if you are using WPA, the access point must be configured. WPA only encrypts data exchanged between your device and the access point; if the access point is not trusted, the owner of the protected data must use another means.

WPA distributes encryption keys automatically adding a new layer of security to the data encryption process. Encryption keys protect even the smallest amount of data. This solution also provides comprehensive data control preventing people who want to acquire the data from changing the information.

WPA authenticates each user on the network and prevents unauthorized users from entering networks. It is designed for data theft to protect corporate users

The WPA3 have these four phases:

  1. Authentication process

A variety of Extensible Authentication Protocol (EAP) mechanisms are used.

  1. Authenticated encryption process

Advanced Encryption of at least 128 bits Standard Counter Mode with Cipher Block Chaining Message Authentication (AES-CCMP 128)

  1. Key derivation and confirmation process

Hashed Message Authentication Mode (HMAC) of at least 256 bits using Secure Hash Algorithm (HMAC-SHA256)

  1. Robust management frame protection process

Broadcast/Multicast Integrity Protocol Cipher-based Message Authentication Code of at least 128 bits (BIP-CMAC-128)

What are WPA Features?

The features of the two latest WPA versions, WPA2 and WPA, are summarized below;

Among the WPA2 security upgrades and bug fixes are improvements to authentication encryption and strong default settings for robustness and resilience.

WPA3 adds new safeguards to protect personal and enterprise networks from new vulnerabilities; password guessing attempts are better protected for personal network users whereas enterprise users can benefit from high-level security algorithms when handling and transmitting sensitive data and internal information. One of the most important aspects of WPA3 is that security is improved while complexity remains unchanged.

As a result network administrators in WPA3 can choose passwords that are easy for their network users to know without worrying about online or offline password guessing attacks data traffic that has already been sent is protected from prospective password compromises by using an ephemeral secret key

The features of all WPA versions are detailed in the next section.

What Are the Types of Wi-Fi Protected Access?

There are the 3 versions of WPA Industry certification;

  1. Wi-Fi Protected Access (WPA)

  2. Wi-Fi Protected Access II (WPA2)

  3. Wi-Fi Protected Access II (WPA3)

1. WPA

WPA is a wireless network encryption standard. This standard was developed as part of the IEEE 802.11i standard and was formally adopted in 2003.

Despite the significant improvements of WPA was over WEP and the ease of implementation across the embedded devices, but unfortunately, the developed protocol was suffered from the same problem of the previous version that involves the security vulnerability against the intrusion activities and it was facing some problems as a result ;

  • The main additional prominent part in the WPA protocol is the WPA-PSK (Pre-Shared Key) that deals with a 256-bit encryption scheme.
  • Another significant change involves the message integrity checks that detect the packed altering or any data modification by the attacker.
  • WPA safeguards data by encrypting it and requiring user authentication.
  • WPA automatically distributes encryption keys, adding a new layer of security to the data encryption process. Encryption keys protect even the smallest amount of data. This solution also includes comprehensive data control, which prevents data purchasers from altering the information.
  • The WPA also includes the Temporal Key Integrity Protocol (TKIP) that is used as a per-packet key system and is considered more trusted than the fixed key system of the previous WEP protocol. Later on, the TKIP encryption protocol was replaced by the Advanced Encryption Standard (AES) algorithm
  • WPA verify so every internet client and restricts people from entering the system to protect corporate users

2. WPA2

In 2006, the wireless security protocol WPA2 was adopted as a replacement for the WPA protocol.

  • Since the previous protocol does have some penetration troubles but on a much relatively small scale. The use of (Counter Cipher Mode with Block Chaining Message Authentication Code Protocol) CCMP as an option to TKIP in the previous version is one of the most significant differences between the WPA and WPA2 protocols.
  • However, the security vulnerabilities in this protocol are generally minimal, but it is still a security concern.
  • Improvements to authentication encryption and strong default settings for solidity and adaptability are among the wpa2 security upgrades and bug fixes.
  • WPA2-PSK (Wi-Fi Protected Access 2 Pre-Shared Key) networks are secured by a single password shared by all users.
  • We can see that the routers support both WPA and WPA2, which is a mixed security option. This option enables WPA and WPA2 at the same time so it will use both TKIP and AES security. The reason for this option is for compatibility as some older devices such as those produced before 2006 may be inconsistent with the AES encryption used with WPA2.

3. WPA3

In June of 2018, the Wi-Fi Alliance announced Wi-Fi Protected Access 3 (WPA3). On 1st July 2020, WPA3 became mandatory for Wi-Fi-certified implementations. WPA3 is the third generation of WiFi Protected Access, which is the security technology used in Wi-Fi connections.

Because of the COVID-19 pandemic, more people are working from home than ever before, making the security of home Wi-Fi more important than ever.

  • WPA3 includes additional features that enhance Wi-Fi security, enable more robust authentication, and provide stronger cryptographic strength.
  • WPA3, STA can choose a key size for encryption between 128 and 256-b.
  • WPA3 routers use the Wi?Fi Certified Enhanced Open standard
  • WPA3 Wi-Fi Security employs 384-bit Hashed Message Authentication Mode when transferring encryption keys between the router and devices.
  • Another enhancement is the Wi-Fi Device Provisioning Protocol (DPP) to replace the readily exploitable Wi-Fi Protected Setup (WPS).
  • Devices can be authenticated to join a network without a password using DPP in including QR codes or NFC tags.

What is the Difference Between WPA vs. WPA2 vs. WPA3?

One thing is clear from the facts listed above: from WEP to WPA3, each security protocol improved on its predecessors. Each security protocol uses a unique encryption method.

Difference between WEP and WPA

Some of the most important base differences between WEP and WPA include the following:

  • WEP uses the RC4 algorithm. Because it uses small keys, RC4 is regarded as a weak algorithm.
  • The length of the encryption keys is one of the major advantages of WPA over WEP.
  • WPA employs a 256-bit key, whereas WEP employs 64-bit and 128-bit keys. The longer the key, the more difficult it is for a hacker to crack. Even with a powerful computer, decrypting a WPA key will take at least just a few hours, so most hackers won't bother unless they're dead set on breaking into a network. WPA was created to replace WEP and address the vulnerabilities of Wi-Fi networks.
  • WPA employs TKIP, a much better algorithm than RC4.
  • Another critical parameter to consider is the size of the session key. The original Wi-Fi security protocol (WEP) used 40-bit encryption. WAP, on the other hand, addressed this vulnerability by replacing 40-bit encryption with 128-bit encryption in enterprise mode, the newly released

Difference between WPA, WPA2

Some of the most important base differences between WPA and WPA2 include the following:

  • While WPA uses TKIP encryption, WPA2 was released with AES-CCMP encryption, which is more powerful than TKIP and RC4.
  • WPA2 is easier to configure than the prior options.

Difference between WEP, WPA, WPA2, and WPA3

Some of the most important base differences between WEP and all WPA versions include the following:

  • WAP3 can use a 192-bit session key. It is critical to understand that as key bit size increases, the level of effort required to crack a wireless network password grows.
  • WPA3 replaces the inefficient four-way handshake method of WPA and WPA2 with a considerably more efficient and quicker handshake technique. Simultaneous Authentication of Equals Handshake is the handshake mechanism used in WPA3.
  • A modern and high-end network is required to use WPA3 exclusively without WPA2 fallback. Most modern Internet of Things (IoT) hardware, including legacy devices, will be unable to connect to such a network. It will take a long time for WPA2-only devices to be updated or replaced in a heterogeneous and organically grown network of devices. Many smart home and Internet of Things devices do not support WPA3.
  • Previous security standards (WEP, WPA, WPA2) allowed either Open System authentication or Shared Key authentication between the client and the AP. WPA3, on the other hand, requires only Simultaneous Authentication of Equals (SAE).
FeatureWEPWPAWPA2WPA3
Encryption AlgorithmRC4TKPIAES-CCMPAES
Size of the Session Key40-bit encryption128-bit encryption128-bit encryption192-bit-encryption
Key ManagementNot ProvidedThe inefficient four-way handshake mechanismThe inefficient four-way handshake mechanismSimultaneous Authentication of Equals (SAE) of the handshake mechanism

Table 1. Comparison of WEP and WPA protocols

The most important differences between WPA protocols mentioned above can be concluded as follows:

  • WEP was the initial Wi-Fi security standard, however, it was deprecated in 2004 due to security issues.

  • The most advanced Wi-Fi Security protocol available today is WPA3

  • WPA3 addresses all the vulnerabilities of WPA and WPA2.

  • You can ensure your online privacy and security by using up-to-date hardware that supports WPA3 preferably or at least WPA2.

How do I find my WPA Key for my Router?

Youm may find your WPA key on your router in two ways:

1. Finding the Network Security Key on and router's IP address in Windows OS

You may find your router's IP address by following the next steps:

  1. Click on Run or press the Windows key + R in this window type CMD and click OK
  2. This will open the command prompt then type ipconfig in the command prompt
  3. Press Enter when you press ENTER to look for the default gateway IP address
  4. Type this IP in the address bar in your internet explorer or this case Firefox and press
  5. Now you will be prompted to type your username and password
tip

if you don't have your username and password In that case, please check the router's manual for further information. If you don't remember your username or password, the default information should be included in the manual. You might have to reset your router if you are not able to log in.

  1. Find Security, Wireless Security, or Wireless Settings tab in the menu.

  2. Open the tab and locate the WPA Password.

2. Finding the Network Security Key on a Router

You may be unable to access internet services if you do not have the network security key, as the key guarantees that your devices can connect to the router. A router's network security key is often found on a label on the device's bottom or back. The key on the label of a router may be marked as "security key," "WEP key," "WPA key," or "passphrase."

The network security key on a router can usually be found close to the wireless network name. It is advisable to change the default key after the key is used to access the network. It is important to set a strong password as your wireless network is broadcast to everyone.