Currently, the best way to secure your wireless networks is to use Wi-Fi Protected Access v2 (WPA2). However, there are still some issues with how this system functions. Last year’s KRACK vulnerability has proven that this 13-year-old security protocol needs to be redone.
At this year’s Consumer Electronics Show (CES 2018), the Wi-Fi Alliance debuted version 3 of WPA, increasing the security capabilities of the process in several ways.
WPA3 will now support 192-bit encryption natively (with an assumed 48-bit initialization vector) and the Dragonfly Protocol, also known as Simultaneous Authentication of Equals (SAE). Even the link between the device and the router, for example on a public network, will be entirely encrypted as well.
The Dragonfly Protocol (SAE) allows two parties to establish a cryptographically strong shared secret for securing other data, e.g. network communication. SAE is resistant to passive attack, active attack, and dictionary attack. It provides a secure alternative to using certificates, or for cases where a centralized authority is not available. It is a peer-to-peer protocol, has no asymmetry, and supports simultaneous initiation. This will take most of the pressure off of users who do not create secure or varied enough network passwords, and it will make linking devices (mesh networks) easier and just as secure.
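A simplified sketch of the Dragonfly commit/confirm exchange described above, added here as an illustration; it is not code from the Wi-Fi Alliance or from the original article. It goes beyond the text: the toy safe-prime group, the `password_element` hashing and the `sta`/`ap` names are assumptions, and real SAE uses standardized large groups and its own password-to-element derivation.

```python
import hashlib, hmac, math, secrets

def _is_prime(n):
    return n > 2 and n % 2 == 1 and all(n % d for d in range(3, math.isqrt(n) + 1, 2))

# Toy group (assumption): first safe prime P = 2Q + 1 with Q above 2**31; far too small for real use.
Q = next(q for q in range(2**31 + 1, 2**32, 2) if _is_prime(q) and _is_prime(2 * q + 1))
P = 2 * Q + 1

def password_element(password, id_a, id_b):
    """Hash the password and both identities into the order-Q subgroup mod P."""
    seed = hashlib.sha256(b"|".join(sorted([id_a, id_b])) + b"|" + password).digest()
    return pow(int.from_bytes(seed, "big") % (P - 3) + 2, 2, P)  # square of 2..P-2

class Peer:  # one side of the exchange; both sides run exactly this code
    def __init__(self, name, password, peer_name):
        self.pwe = password_element(password, name, peer_name)
        self.scalar = 0
        while self.scalar < 2:                          # retry the rare degenerate sum
            self.rand = secrets.randbelow(Q - 2) + 2    # private, never sent
            self.mask = secrets.randbelow(Q - 2) + 2    # blinds rand inside scalar
            self.scalar = (self.rand + self.mask) % Q
        self.element = pow(pow(self.pwe, self.mask, P), -1, P)

    def commit(self):
        return self.scalar, self.element                # all an eavesdropper sees

    def process_commit(self, scalar, element):
        if not (1 < scalar < Q and 1 < element < P and pow(element, Q, P) == 1):
            raise ValueError("peer commit outside the group")
        # element * pwe^scalar cancels the peer's mask, leaving pwe^peer_rand
        shared = pow(element * pow(self.pwe, scalar, P) % P, self.rand, P)
        self.key = hashlib.sha256(str(shared).encode()).digest()
        self.peer = (scalar, element)

    def _mac(self, *values):
        return hmac.new(self.key, b"|".join(str(v).encode() for v in values), hashlib.sha256).digest()

    def confirm(self):
        return self._mac(self.scalar, self.element, *self.peer)

    def verify(self, tag):
        return hmac.compare_digest(tag, self._mac(*self.peer, self.scalar, self.element))

def handshake(pw_sta, pw_ap):
    """Run commit and confirm both ways; return (confirmed, keys_match)."""
    sta, ap = Peer(b"sta", pw_sta, b"ap"), Peer(b"ap", pw_ap, b"sta")
    sta.process_commit(*ap.commit())
    ap.process_commit(*sta.commit())
    return sta.verify(ap.confirm()) and ap.verify(sta.confirm()), sta.key == ap.key
```

Each run draws a fresh `rand` and `mask`, so a recorded commit reveals neither the password nor the session key, and a peer holding the wrong password fails at the confirm step and must start a new exchange to try another guess.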
The Wi-Fi Alliance has just finalized the spec on WPA3, so don’t look for it to enter the consumer realm in the current hardware cycle. Devices that feature WPA3 abilities are expected to reach the market in Q3 of 2018. WPA3 will only work if both devices are capable of using it, and first-party support from all major operating system vendors is expected in a timely manner. Until then, and even after, WPA2 is not going away entirely. The cutover to WPA3 will be a natural and gradual process as new equipment and software that can utilize it come out.
While waiting for WPA3 firmware and hardware to be released to the public, the safest current method of securing your Wi-Fi is to use WPA2 security with AES encryption. While there are ways around WPA2, the likelihood of that happening compared to other security measures is quite low. Other best practices are to rotate your password every few months or to stop broadcasting your SSID so people out snooping won’t even see your network. It’s also a good idea to log into your router every few months, check the various devices attached to your network, and take an inventory.