|Router Security||WiFi Encryption and Passwords||
Website by |
|Table of Contents|
|WPA3||WEP, WPA and WPA2|
|WPA2 Enterprise||Wi-Fi Passwords|
Level Setting: All these types of encryption (WEP, WPA, WPA2, WPA3 and WPA Enterprise) apply only between a wireless device (computer, phone, tablet, IoT) and the router. Once data leaves the router and goes out on the Internet, none of this applies. If the data is a secure (HTTPS) web page, then it is encrypted twice in your home/office, once by the router (with WPA2 probably) and also by the website. When the encrypted web page is traversing the Internet, it is encrypted only once. If a wireless device in your home/office is using a VPN, then the data traveling between that device and the router is, again, double encrypted, once by the router (WPA2 probably) and once by the VPN. And yes, if the data in the VPN tunnel is a secure (HTTPS) web page, then it is triple encrypted while traveling over the air in your home/office.
Section updates: First added Aug. 3, 2018, Updated Nov. 3, 2018 | April 11, 2019 | May 18, 2021
May 18, 2021: In a nutshell: WPA3 is more secure that WPA2, but not in any meaningful way. So, don't upgrade your router just to get WPA3.
Improvement 1: With WPA2 it is possible for bad guys to listen to the over-the-air conversation when a device first joins a Wi-Fi network. The encrypted password is in that conversation and bad guys can save a copy of the conversation and guess a billion passwords a second. The official terminology for this is off-line brute force guessing. WPA3 makes it impossible to perform off-line brute force guessing. But, if the WPA2 Wi-Fi password is long enough, brute force guessing might take years, if not decades, to stumble across the password. How long is long enough? This changes over time but my best guess is 15 characters long.
Improvement 2: WPA3 adds Perfect Forward Secrecy (PFS or FS). To illustrate what this means, assume that bad guys captured all your Wi-Fi transmissions on Monday and learned your password on Tuesday. Without Perfect Forward Secrecy they could read the saved transmissions from Monday. With it, they can not. Here again, a sufficiently long WPA2 password offers protection from brute force attacks. However, if someone gives out the Wi-Fi password, then Forward Secrecy is nice to have, assuming you are important enough for bad guys to hang out near your home and record all the Wi-Fi traffic.
Improvement 3: WPA3 has a more secure alternative to WPS. But, the millions of existing devices that depend on WPS are not going to vanish in an instant. So, WPS still needs to be supported. And, many routers that only offer WPA2 do let you disable WPS. Better yet, some WPA2 routers do not even support WPS at all. The WPS replacement is called Wi-Fi Easy Connect and, like WPS, it is meant for wireless devices that have no screen or keyboard (typically IoT). As with everything nowadays, it depends on a smartphone. You scan a QR code on the router, then scan a QR code on the IoT device and it's on your network. I don't know how it works when the router is creating multiple Wi-Fi networks. I would not trust this for quite a while. New software protocols from the Wi-Fi Alliance are best avoided. Their history is one of very poor design. WPA3 itself, is their fourth crack at over-the-air encryption. Easy Connect may turn out to be very secure, but to me, the jury will be out for a couple years.
Improvement 4: Encryption without a password. This feature is called Wi-Fi Enhanced Open and it adds over-the-air encryption to networks that do not require a password. But there are so few "open" networks (not password needed), that I don't see this as a big deal.
- - - - -
April 11, 2019: The Wi-Fi Alliance, which sets Wi-Fi standards, has a history of screwing up. The organization is an industry disgrace. And, it seems that with the WPA3 standard, they are maintaining their miserable reputation. When some qualified techies (Mathy Vanhoef and Eyal Ronen) finally got to evaluate WPA3, they found lots of design flaws. To be clear, these are not coding flaws, they are poor design. Depending on how you count there are at least five design mistakes.
Their website documenting the flaws is Dragonblood. See also
- - - - -
As of July 2018, it is too early to walk about WPA version 3 (WPA3) with any authority. No one has yet kicked the tires on the protocol and it is not clear when devices will even support it. Anything that supports WPA3 should also support WPA2, so there won't be a big bang conversion.
The biggest flaw with WPA2, is that bad guys can make off-line brute force guesses of the Wi-Fi password. Billions and billions of guesses every second. WPA3 should eliminate this flaw. That said, a sufficiently long WPA2 password (over 15?, 16? characters) also eliminates the problem.
The improvements are scheduled in two phases, the first is known as WPA2 enhancements and it is expected to be released before the end of 2018. The second phase is full blown WPA3. WPA3 compliant products are expected to start appearing before the end of 2018. The WPA2 enhancements mandate the use of Protected Management Frames (PMF), more stringent validation of vendor security implementations, and improved consistency in network security configuration.
IEEE 802.11w, the standard that describes PMF, was ratified in 2009 becomes mandatory. Without it, management frames are transmitted unencrypted and their integrity is not verified. PMF ensures integrity of network management traffic, provides protection against eavesdropping, replay and the forging of management action frames. This protects against DoS attacks that use forged deauthentication/disassociation frames to kick clients off a network and force them to authenticate again.
Many wireless vulnerabilities are the result of poor implementation or misconfiguration. WPA2 enhancements will require additional tests on Wi-Fi certified devices to ensure both the use of best practices and that the products yield expected behaviors. The WPA2 enhancement also defines a set of secure cipher suites to prevent an attacker from exploiting a configuration weakness.
Currently Wi-Fi networks can be completely open, no password needed, no encryption used. This will no longer be possible with WPA3 which introduces Opportunistic Wireless Encryption (OWE). OWE provides individualized data encryption to Wi-Fi clients using public open networks. No more eavesdropping. The encryption process is transparent to users. They see and join the Wi-Fi network as they would an Open network. BIG improvement. Technically, OWE uses an unauthenticated Diffie-Hellman key exchange during association, resulting in a Pairwise Master Key (PMK) used to derive the session keys.
Writing for Network World, Eric Geier notes that Wi-Fi Enhanced Open is not officially part of WPA3. Although it is expected be added along with WPA3, it is, nonetheless, optional. Also optional is support for the un-encrypted legacy open connections.
Geier also points out some downsides to the way WPA3 handles Open networks. For one, the Wi-Fi client device may not be able to tell the difference between a secure WPA3 Open network and an insecure WPA2 open network. We just have to wait and see how each operating system handles this. And, shared folders on Wi-Fi clients will be available to everyone on the WPA3 Open network. Finally, it does nothing to defend against evil twin networks.
Another huge improvement was mentioned above, resistance to brute force password guessing. The WPA2 Pre-Shared Key (PSK) mode is gone, replaced by the WPA3 Simultaneous Authentication of Equals (SAE). The big improvement here is that SAE does not transmit the hash of the password in the clear. WPA2-PSK allows bad guys to listen for the password hash and then, when they have it, make a billion guesses a second to convert the hash to the password. SAE limits the number of guesses an attacker can make. The end user experience does not change with SAE, people still enter a password, just as they do now with WPA2-PSK.
With WPA3 each user connection to the router is encrypted with a different key. This is big. Without it, as on WPA2, anyone who knew the Wi-Fi password could spy on other users of the same network. Also, WPA2 did not offer Perfect Forward Secrecy (PFS or just FS). If someone was out to get you they could record your Wi-Fi traffic as it was transmitted over the air (or it could have been recorded by the ISP). With WPA2, once someone learned the Pre-Shared Key, they could go back and decrypt all the old transmissions. With WPA3 this is not possible. Old transmissions remain secret even as time moves forward.
Finally, WPS is being replaced with DPP (Device Provisioning Protocol). As with WPS, DPP aims to be a simple way for devices without a screen or keyboard to join a Wi-Fi network. A DPP-enabled device will have a built-in public key, and a network administrator can bring it onto the network in several ways. One approach is scanning a QR code on the DPP-enabled device with a phone. I am skeptical; anything that tries to be user friendly is likely to not be secure. We'll see how this plays out. As some devices require WPS, it can not be killed off completely. Like WPS, DPP introduces new terminology, a configurator and an enrollee.
The configurator will be a smart phone or tablet that is already part of the network and can provision new devices. How it gets the ability to provision new devices is not clear. How it loses the ability once it is lost or stolen is also not clear. WPS had 4 or 5 different modes of operation and so too does DPP. Devices can be granted access to the network by scanning a QR code, negotiation of a trusted public key using a passphrase/code, NFC, or Bluetooth. Ugh.
Wi-Fi devices have utilized AES with 128 bit keys for data protection for some time. WPA3 will mandate 256-bit encryption and use of CNSA approved cipher suites.
When will WPA3 be available? Eric Geier says a few WPA3 devices should appear by the end of 2018. WPA3 is currently (Nov. 2018) optional and may not be mandatory for as long as two years. While some devices may be upgradeable via software, others will require new hardware.
History tells us that the first version of the protocol is likely to be buggy, either due to the spec itself or specific implementations. And, using WPA3 requires support both in the router/Access point and in the client device (computer, tablet, phone).
A good article: WPA3: How and why the Wi-Fi standard matters by Larry Seltzer, Aug. 2018.
And: Google knows nearly every Wi-Fi password in the world by me September 12, 2013.
At first, you might be thinking what more is there to say about WiFi encryption? The basic rules have not changed in a long time and can be boiled down to USE WPA2. But, there is more to it.
Introduction: WiFi supports three different schemes for over-the-air encryption: WEP, WPA and WPA2 (WPA version 2). All of the options encrypt data traveling between a WiFi device and the router or Access Point (AP) that is the source of the wireless network. Once data leaves the router, bound for the Internet at large, WEP, WPA and WPA2 are no longer involved.
As noted everywhere, WPA2 is the best option. However, WPA2 is not a simple On/Off checkbox, there are further options. These additional options are TKIP, AES or CCMP. Do not choose TKIP. Doing so, means you are, in effect, using the less-secure WPA encryption. AES and CCMP are two names for the same thing. Whichever your router uses, chose it.
And, some routers may not offer just WPA2. I have seen routers that only offered a combination of either WPA or WPA2. Stand-alone or exclusive WPA2 is more secure.
Transitioning: A March 2017 article in PC Magazine, The Best Wi-Fi Mesh Network Systems of 2017 starts with a feature overview of nine different mesh systems. The most secure devices at the time offered WPA2: Plume, Eero, Securifi Almond 3 and Google Wifi. Two devices, Luma and Ubiquiti Amplifi still offered WPA (in addition to WPA2). In the "what were they thinking" category are devices that offered WEP: Netgear Orbi, Linksys Velop and Amped Wireless Ally Plus.
If you have an old wireless device that is capable of WPA encryption but not the more recent WPA2 variety, then create a new network on the router that uses WPA encryption and chose an extra long password for it. If possible, this should be a guest network that is isolated from the private network.
If you have an old device that is not capable of either WPA or WPA2 encryption (that is, all it can do is WEP), get rid of it. WEP should not be used.
For more on the old types of encryption see Wi-Fi Security: Should You Use WPA2-AES, WPA2-TKIP, or Both? by Chris Hoffman (December 2014).
Section updates: Sept 20, 2021. Sept. 21, 2019
What everyone knows as WPA2 encryption, is really WPA2 Pre-Shared Key (WPA2 PSK for short). It has also been called WPA2 Personal and it means that each Wi-Fi network (SSID) has one password. A router that creates three WPA2 PSK networks will have one password for each network (they can all be the same, each SSID is a free agent). While it is common to think that WPA2 PSK is the best Wi-Fi security available (at least prior to the release of WPA3) the reality is that WPA2 Enterprise is more secure than WPA2 PSK.
With WPA2 Enterprise there are multiple passwords for each network/SSID. In fact, to logon to a WPA2 Enterprise network a computing device needs to supply both a userid and a password. Large organizations (aka enterprises) love this as each employee gets their own userid/password. When someone leaves the organization, just their userid/password needs to be removed, the other employees are not impacted. And WPA3 Enterprise is also a thing.
I am no expert on WPA2 Enterprise, but I have dabbled in it and I use it every day.
By and large WPA2 Enterprise is too much for consumers. Many consumer routers are not able to create WPA2 Enterprise networks. For example, it is not available on mesh routers from Eero, Google, Linksys (Velop) or Ubiquiti (AmpliFi). It is available on Synology and Peplink routers.
When a router can create a WPA2 Enterprise network, the next issue is maintaining the list of Wi-Fi userids and passwords. This list is normally maintained by software known as a RADIUS server. When a WPA2 Enterprise SSID is created, you need to supply information on how to connect to a RADIUS server. The RADIUS server may reside on the same LAN as the router, in the router itself or it may reside somewhere in the cloud.
I suspect having a RADIUS server on the LAN is probably the most common way this is implemented. I use a Synology NAS device as my RADIUS server. Synology offers RADIUS software as a free download in their app store. QNAP does this too. A Synology NAS already supports multiple userids and these NAS userids/passwords become RADIUS/WiFi userids/passwords.
Another LAN-resident option is to use a Raspberry Pi and install FreeRADIUS software on it. For more on this see Simple & Secure RADIUS by Mike Cifelli.
The simplest option that I know of is offered on a Synology router. As far as I know, Synology is unique in letting you run a RADIUS server on the router itself. I have not tried this as I hated the one Synology router that I tested.
Be aware that some wireless devices, typically IoT devices, are not able to connect to a WPA2 Enterprise network. I have an Internet radio that can not connect to my WPA2 Enterprise SSID. WPA2 Enterprise is supported on desktop operating systems, Chromebooks, iOS and Android.
If nothing else, lots of bad guys have no idea how to hack into a WPA2 Enterprise network :-)
Never use the default Wi-Fi password(s). On newer routers the default password may be long and appear to be random. Nonetheless, change it.
As an example of why, the BBC had a story in May 2021 about family that went through "utter hell" for months after the police came to their home and took all their electronic devices as part of an investigation into images of child abuse being posted online. Most likely, an innocent family was accused because they had not changed either the Wi-Fi password or the router password. This is far from the only such story. Their router was no help, but a Peplink router can offer a ton of details, after the fact, that would have shown if bad guys had been on the network.
WPA2-AES (the same as WPA2-CCMP) offers poor security when the password is too short. Nothing can be done to prevent an attacker from capturing network traffic and using a brute force attack to decrypt it off-line, making billions of guesses a second.
Just how many billions of guesses per second? According to Paul Moore (Passwords: Using 3 Random Words Is A Really Bad Idea! October 2017) it varies based on the hashing algorithm. A computationally expensive algorithm, SHA512, slows things down to 8 billion a second. If a password is encrypted with SHA256, then we can expect 23 billion guesses/second, with SHA1 expect 70 billion/second. The fastest, and thus least secure, algorithm is MD5. Moore says MD5 is still very common and it can be brute-forced at the rate of 200 billion guesses/second.
The shortest password allowed with WPA2 is 8 characters long. A password of 14 or 15 characters should be long enough to defeat most brute force guessing. 16 would be better. The German government recommends 20 characters as a minimum. WPA2 passwords can be up to 63 characters long. Of course, it is better to include both upper and lower case letters along with numbers. WPA2 passwords can also contain a host of special characters.
But wait, there's more.
A long password can still be guessed with a dictionary attack. Despite the name, this type of attack can include many passwords that are not words in the dictionary. Things like "Denver2013" or "I like MickeyMouse". Many websites have been breached over the years and bad guys can find massive databases of passwords that people have actually chosen. Thus, defending against a thorough dictionary attack means not using a password that any other human has used before. A tall order indeed, but not impossible.
For advice on choosing a globally unique password, see my November 2014 blog: Wi-Fi security vs. government spies.
To get a feel for how bad guys crack Wi-Fi passwords, see How I cracked my neighbors WiFi password without breaking a sweat by Dan Goodin (August 2012). One eight-character password was hard to guess because it was a lower-case letter, followed two numbers, followed by five more lower-case letters with no discernible pattern. That is, it didn't spell any word either forwards or backwards. Resisting the temptation to use a human-readable word made guessing much harder. I suspect having the numbers in the middle also made it harder, as most people don't do this. Still, even back in 2012, guessing every possible 8-character password was a do-able thing. Goodin suggests using four or five randomly selected words - "applesmithtrashcancarradar" for instance - to make a password that can be easily spoken yet prohibitively hard to crack. I would add a number and an upper case letter.
Some routers ship with default Wi-Fi passwords that look like they were randomly chosen. Do not trust this. Pick a new password. For more on this, see Scrutinizing WPA2 Password Generating Algorithms in Wireless Routers August 2015
In April 2018 the Boston Red Sox were caught using "baseball" as the Wi-Fi password in the visitors clubhouse at Fenway Park. I wrote about this on the Routers in the news page and commented on the strength of assorted new suggested passwords.
See a funny tweet by Dan Edwards about needing to buy a drink at a bar before learning the Wi-Fi assword.
kyPeQ3!khx (Too short and can't remember it)
Dandelion (Never use a word in the dictionary)
Denver2012 (It is likely that someone else has used this before)
DBF9fkhu28FF!ca4$cc5C1795ecc (can't remember it)
Yankee fan? 22New22York22Yankees22
Like red tulips? red123TULIPS123
Like Shakespeare? tobeornottobe-->THATisthe?
From New York City? new-yawk-RULES!!!!
Like XKCD comics? BatteryHorseStaple.etcetcetc
Like to remember a date/place? Denver///2012///
Like your iPhone? iOSiscoolerthanandroidhaha
Like math? 6====ahalfdozen
Like golf? Icandriveagolfball300inches
Like being a smartass? >>>>>>>>thisismypassWORD