As you may know, WiFi networks transmit data between devices using radio waves, typically on the 2.4 gigahertz and 5 gigahertz radio-wave frequencies. Just like you can tune an FM radio to a specific channel to listen to your favorite radio show, anyone with the necessary skills can configure a WiFi capture device to collect all data that’s transmitted on a specific frequency.
To prevent potentially malicious strangers from seeing what you do online, stealing your passwords, and doing all kinds of other things, modern devices implement several different wireless network security standards, whose purpose is to encrypt wirelessly transmitted data and turn it into meaningless ciphertext.
Thanks to WiFi security, you can connect to a public WiFi network at an airport together with hundreds of other people and know that your personal information will remain private.
Secure WiFi connections are established when wireless clients (smartphones, laptops, etc.) and the wireless networks they connect to prove their identities to each other.
From the point of view of a regular user, the authentication process begins with the network security key prompt. This prompt acts as a gate, preventing those who don’t have the right network security key from establishing a secure connection.
Network security keys are typically alphanumerical passwords, but passwordless authentication using technologies like Wi-Fi Protected Setup (WPS) is also possible.
Even though WiFi security is a hot topic these days, there are still far more unsecured WiFi networks than most security experts would like. In fact, approximately 24.7 percent of WiFi hotspots in the world do not use any encryption at all, according to statistics from Kaspersky Security Network (KSN).
Such networks are commonly referred to as “open” because anyone can connect to them, and also because anyone can see the activity of the people connected to them. Needless to say, using open WiFi networks for anything that’s even remotely personal is a very bad idea. Fortunately, there are several security algorithms for wireless networks, with WEP, WPA, and WPA2 being by far the most prevalent ones.
WEP is short for Wired Equivalent Privacy, and it’s a security algorithm for IEEE 802.11 wireless networks, which communicate in the 900 MHz and 2.4, 3.6, 5, and 60 GHz frequency bands. WEP was first introduced in 1997, and it had been the main WiFi security algorithm until it was superseded by Wi-Fi Protected Access (WPA) in 2003 and later declared as deprecated.
Standard 64-bit WEP uses only a 40-bit key, and this key is shared among users, making it problematic for large organizations to fix security issues. The first WEP exploit was published in 2001, and the FBI publicly demonstrated that it was possible to crack a WEP-protected network in less than 3 minutes with tools that were freely available on the internet.
Today, WEP is used by only around 3 percent of access points globally. Most new routers don’t even give users the option to use it, and those that do display a warning message to inform users about the numerous shortcomings of the WEP security algorithm.
WPA2 is currently used on almost 70 percent of all WiFi routers, and most router manufacturers have made it the default security option. WPA2 relies on the Advanced Encryption Standard (AES) block cipher, which is a specification for the encryption of electronic data approved by the National Security Agency (NSA) for top secret information.
While significantly more secure than WEP, even WPA2 isn’t without its issues. Arguably the biggest problem with WPA2 is the fact that it remains vulnerable to password cracking if users rely on a weak password. To fix the issues associated with WPA2, the Wi-Fi Alliance announced WPA3 in January 2018, and certificate began in June 2018.
The next-generation, much improved, highly secure protocol promises safer browsing and keeping your important data from being stolen even on public networks. It can be even said that WPA3 will keep its users so safe they will even forget hazards ever existed.
The protocol is required since July 1, 2020, so there are already many new routers that support it. Here are some of the benefits users who purchase WPA3-enabled routers can look forward to:
Creating new passwords can be mundane, hence a lot of people end up using the same password for multiple accounts, plus passwords lack creativity, which results into an easy hacking. With WPA3 comes a new key exchange protocol that will protect you from dictionary attacks targeting lazy passwords created in a hurry.
Connect devices safely
WPA3 makes it much easier to connect new devices that don’t provide a convenient way to select a network and enter the correct password with Wi-Fi Easy Connect. This standardized provisioning and configuration solution makes it possible to connect a device by scanning the product quick response (QR) code, NFC tag, or downloading device information from the cloud.
WiFi devices can exchange information only because they talk the same language. This language is created and maintained by the Institute of Electrical and Electronics Engineers (IEEE) LAN/MAN Standards Committee (IEEE 802), which is why it’s called IEEE 802.11.
Just like regular languages evolve over time to reflect the changes in the world around us, the IEEE 802.11 protocols for implementing wireless local area network computer communication evolve as well.
Here’s a brief overview of past, present, and future WiFi standards:
|Maximum link rate of
|up to 11 Mbit/s
|up to 54 Mbit/s
|up to 54 Mbit/s
What is WiFi-6?)
What is WiFi-7?)
Also worth mentioning is 802.11mc, one of the maintenance/revision groups for the 802.11 standards.
On iOS devices, a WiFi network sometimes displays the Security Recommendation warning in the WiFi settings menu. When you see this message, your device is trying to tell you that you’re connected to a WiFi network whose security could be improved.
Perhaps the password is too weak, or the network is using an outdated security algorithm, or it doesn’t have a password to begin with. Whatever the case is, you can always click on the “i” icon displayed next to the warning message to learn more about your wireless network security.
Read here more about top WiFi security tips on how to stop a WiFi hacker from stealing your personal information.
All weak security WiFi warnings on iOS can be fixed by doing the following:
Now that you know the answers to the questions “What does weak security mean on WiFi?” and “Why does my WiFi say weak security?” you can go ahead and implement the above-described fixes.
WiFi home security is an important topic because nearly every household has a wireless network. The unfortunate reality is that all major WiFi security types have known vulnerabilities that can be exploited unless certain measures are taken.
Perhaps the most severe attack on WiFi security was discovered in 2016 by Belgian researchers Mathy Vanhoef and Frank Piessens. Called Key Reinstallation Attack, or KRACK for short, this replay attack makes it possible for any attacker within range of a victim to steal sensitive information and read information that was previously assumed to be safely encrypted.
The worst thing about KRACK is that it affects all software platforms, including Microsoft Windows, macOS, iOS, Android, Linux, and OpenBSD.
Read about the six essential steps you need to take right now to protect yourself from the KRACK attack.
While it’s beyond the scope of this article to list all best wireless security tips professional network administrators like to give to home and business users alike, we still feel the need to cover just the very basic ones.
Regardless of which WiFi security type you choose, a strong password remains the most effective protection against cybercriminals. A good password is long enough so it’s impossible to brute force it by trying many passwords or passphrases with the hope of eventually guessing correctly. You can easily calculate how long it would take an average computer to crack your password here.
Just like your smartphone, your router has an operating system that needs to be updated from time to time to fix various vulnerabilities and bugs that went unnoticed when it was released. While some routers update automatically, it’s always a good idea to manually check at least once a month to verify that your router is up to date.
With a WiFi surveillance and monitoring app like NetSpot, you can easily see your WiFi security settings as well as the security settings of all other WiFi networks that are within your range.
When WiFi users are asked if they know how to detect who is connected to their WiFi, they typically give one of two answers:
Those who give the second answer usually don’t realize that having a stranger connected to your WiFi network is a lot like having a stranger in your house. That’s why it’s important to occasionally check who is connected to your WiFi and kick all unfamiliar users out.
Public WiFi networks are convenient, but they are not all equally secure. In fact, some public WiFi networks are downright malicious, set up by criminals just to lure in unsuspecting users and steal their personal information.
In situations when you have no other option but to use a public WiFi network you don’t completely trust, you should protect yourself by creating an encrypted VPN tunnel and sending all data through it.
WiFi security is a complex topic with countless thick books dedicated to it. Although we’ve only managed to scratch the surface here, the information we’ve provided covers all the basics you need to be aware of in order to stay safe online.
You should always use the latest WiFi security standard supported by your router. Right now, the best WiFi security is provided by WPA3, but WPA2 with AES encryption is also fine.
To make sure your WiFi is safe, you need to enable a WiFi security standard like WPA3 and authenticate all clients using a strong password.
The term WiFi network security describes the various standards and processes that are used to make wireless connections secure.
The biggest difference between WPA and WPA2 is the fact that the former WiFi network security standard relies on the Temporal Key Integrity Protocol (TKIP), which is no longer considered secure.