All About WiFi Security

WiFi security is a big topic to get into, but knowing just the basics gives you a massive edge over cybercriminals, who are always on the lookout for new ways how to bypass WiFi security and steal sensitive information from unsuspecting users. Download NetSpot and use it to verify that your own WiFi network adheres our security recommendations.

WEP vs WPA vs WPA2


Even though WiFi security is a hot topic these days, there are still far more unsecured WiFi networks than most security experts would like. In fact, approximately 24.7 percent of WiFi hotspots in the world do not use any encryption at all, according to statistics from Kaspersky Security Network (KSN).

Such networks are commonly referred to as “open” because anyone can connect to them, and also because anyone can see the activity of the people connected to them. Needless to say, using open WiFi networks for anything that’s even remotely personal is a very bad idea. Fortunately, there are several security algorithms for wireless networks, with WEP, WPA, and WPA2 being by far the most prevalent ones.


What Is WEP?

WEP is short for Wired Equivalent Privacy, and it’s a security algorithm for IEEE 802.11 wireless networks, which communicate in the 900 MHz and 2.4, 3.6, 5, and 60 GHz frequency bands. WEP was first introduced in 1997, and it had been the main WiFi security algorithm until it was superseded by Wi-Fi Protected Access (WPA) in 2003 and later declared as deprecated.

Standard 64-bit WEP uses only a 40-bit key, and this key is shared among users, making it problematic for large organizations to fix security issues. The first WEP exploit was published in 2001, and the FBI publicly demonstrated that it was possible to crack a WEP-protected network in less than 3 minutes with tools that were freely available on the internet.

Today, WEP is used by only around 3 percent of access points globally. Most new routers don’t even give users the option to use it, and those that do display a warning message to inform users about the numerous shortcomings of the WEP security algorithm.


What Is WPA?

Wi-Fi Protected Access (WPA) and Wi-Fi Protected Access II (WPA2) are security algorithms developed by the Wi-Fi Alliance to address the numerous shortcomings of the WEP security algorithm.

WPA2 is currently used on almost 70 percent of all WiFi routers, and most router manufacturers have made it the default security option. WPA2 relies on the Advanced Encryption Standard (AES) block cipher, which is a specification for the encryption of electronic data approved by the National Security Agency (NSA) for top secret information.

While significantly more secure than WEP, even WPA2 isn’t without its issues. Arguably the biggest problem with WPA2 is the fact that it remains vulnerable to password cracking if users rely on a weak password. The Wi-Fi Alliance wants to fix this problem with WPA3, but it will take at least a few years before it becomes widespread. Until then, users should learn how to create strong passwords, which is something we cover later in this article.

Learn more WEP and WPA encryption.


WPA3 is almost here

The next-generation, much improved, highly secure protocol promises safer browsing and keeping your important data from being stolen even on public networks. It can be even said that WPA3 will keep its users so safe they will even forget hazards ever existed.

According to WiFi Alliance information, this protocol won't be widely available until sometime in 2019, but when it finally is, we are getting lots of benefits. Once all devices can switch from WPA2 to WPA3 the older one can be disabled and a better security age will commence.

So here are the benefits all users will get with wide implementation of WPA3:

Password Protection
Creating new passwords can be mundane, hence a lot of people end up using the same password for multiple accounts, plus passwords lack creativity, which results into an easy hacking. With WPA3 comes a new key exchange protocol that will protect you from dictionary attacks targeting lazy passwords created in a hurry.

Connect devices safely
There is no straightforward secure way to onboard new devices to an existing wireless network. WPA3 will offer such a way with its Wi-Fi Easy Connect app. It should greatly simplify the onboarding process for those devices that have no or limited display interface (e.g. IoT or automation ones). You'll be able to simply scan a QR code on a device and your router and safely connect them just like that.

What Is WiFi Security Recommendation on iOS?


On iOS devices, a WiFi network sometimes displays the Security Recommendation warning in the WiFi settings menu. When you see this message, your device is trying to tell you that you’re connected to a WiFi network whose security could be improved.

Perhaps the password is too weak, or the network is using an outdated security algorithm, or it doesn’t have a password to begin with. Whatever the case is, you can always click on the “i” icon displayed next to the warning message to learn more about your wireless network security.

Read here more about top WiFi security tips on how to stop a WiFi hacker from stealing your personal information.

Common WiFi Home Security Vulnerabilities


WiFi home security is an important topic because nearly every household has a wireless network. The unfortunate reality is that all major WiFi security types have known vulnerabilities that can be exploited unless certain measures are taken.


KRACK (or Key Reinstallation Attacks)

Perhaps the most severe attack on WiFi security was discovered in 2016 by Belgian researchers Mathy Vanhoef and Frank Piessens. Called Key Reinstallation Attack, or KRACK for short, this replay attack makes it possible for any attacker within range of a victim to steal sensitive information and read information that was previously assumed to be safely encrypted.

The worst thing about KRACK is that it affects all software platforms, including Microsoft Windows, macOS, iOS, Android, Linux, and OpenBSD.

Read about the six essential steps you need to take right now to protect yourself from the KRACK attack.

Best WiFi Security Tips


While it’s beyond the scope of this article to list all best wireless security tips professional network administrators like to give to home and business users alike, we still feel the need to cover just the very basic ones.


Choose a Strong Password

Regardless of which WiFi security type you choose, a strong password remains the most effective protection against cybercriminals. A good password is long enough so it’s impossible to brute force it by trying many passwords or passphrases with the hope of eventually guessing correctly. You can easily calculate how long it would take an average computer to crack your password here.


Don’t Forget to Update Your Router

Just like your smartphone, your router has an operating system that needs to be updated from time to time to fix various vulnerabilities and bugs that went unnoticed when it was released. While some routers update automatically, it’s always a good idea to manually check at least once a month to verify that your router is up to date.


Monitor Your Wireless Security

With a WiFi surveillance and monitoring app like NetSpot, you can easily see your WiFi security settings as well as the security settings of all other WiFi networks that are within your range. NetSpot can help you decide whether you should kick people off your WiFi, and it can also tell you where you should place your router to enjoy the best coverage possible.

Conclusion


WiFi security is a complex topic with countless thick books dedicated to it. Although we’ve only managed to scratch the surface here, the information we’ve provided covers all the basics you need to be aware of in order to stay safe online.


Have more questions? Submit a request.

Windows version is here!

NetSpot WiFi planning tool helps in analysis, configuration and deployment of a WiFi network easily.
Get the free WiFi site survey app

Next in All about Wi-Fi


Other Articles

Start now with NetSpot
Runs on a MacBook (macOS 10.10+) or any laptop (Windows 7/8/10)
with a standard 802.11a/b/g/n/ac wireless network adapter.