Wireless Security Protocols: WEP, WPA, and WPA2

Securing your WiFi network is the logical thing to do, but with all the abbreviations it can be puzzling to work out which encryption protocol to use. We'll review and explain the differences among the encryption standards WEP, WPA, and WPA2 so you can see which will work best for your environment.

The difference between WEP, WPA and WPA2

WiFi security algorithms have been through many changes and upgrades since the 1990s to become more secure and effective. Different wireless security protocols were developed to protect home wireless networks: WEP, WPA, and WPA2. They serve the same purpose but differ from one another. The protocols not only prevent unwanted parties from connecting to your wireless network, but also encrypt your private data sent over the airwaves.

No matter how protected and encrypted, wireless networks cannot keep up in safety with wired networks. The latter, at their most basic level, transmit data between two points, A and B, connected by a network cable. To send data from A to B, wireless networks broadcast it within their range in every direction to every connected device that happens to be listening.

Let's have a closer look at WEP, WPA, and WPA2 wireless security protocols.

Wired Equivalent Privacy (WEP)

WEP was developed for wireless networks and approved as a Wi-Fi security standard in September 1999. WEP was meant to offer the same level of security as wired networks; however, it has a number of well-known security issues, is easy to break, and is hard to configure.

Despite all the work that has been done to improve WEP, it is still a highly vulnerable solution. Systems that rely on this protocol should be upgraded, or replaced if a security upgrade is not possible. WEP was officially abandoned by the Wi-Fi Alliance in 2004.

Wi-Fi Protected Access (WPA)

While the 802.11i wireless security standard was in development, WPA was used as a temporary security enhancement for WEP. WPA was formally adopted one year before WEP was officially abandoned. Most modern WPA applications use a preshared key (PSK), most often referred to as WPA Personal, and the Temporal Key Integrity Protocol or TKIP (/tiːˈkɪp/) for encryption. WPA Enterprise uses an authentication server to generate keys and certificates.

WPA was a significant enhancement over WEP, but because its core components were designed to be rolled out through firmware upgrades on WEP-enabled devices, they still relied on elements that had already been exploited.

Like WEP, WPA turned out to be quite vulnerable to intrusion once it was put through proof-of-concept attacks and public demonstrations. The attacks that posed the greatest threat to the protocol, however, were not the direct ones but those made on Wi-Fi Protected Setup (WPS), an auxiliary system developed to simplify linking devices to modern access points.

Wi-Fi Protected Access version 2 (WPA2)

The protocol based on the 802.11i wireless security standard was introduced in 2004. The most important improvement of WPA2 over WPA was the use of the Advanced Encryption Standard (AES) for encryption. AES is approved by the U.S. government for encrypting information classified as top secret, so it must be good enough to protect home networks.

At this time, the main vulnerability of a WPA2 system arises when the attacker already has access to a secured WiFi network and can gain access to certain keys to perform an attack on other devices on the network. That said, the security suggestions for the known WPA2 vulnerabilities matter mostly to enterprise-level networks and are not really relevant for small home networks.

Unfortunately, the possibility of attacks via Wi-Fi Protected Setup (WPS) is still high in current WPA2-capable access points, just as it is with WPA. Even though breaking into a WPA/WPA2-secured network through this hole takes anywhere from 2 to 14 hours, it is still a real security issue. WPS should be disabled and, if possible, the access point firmware should be reset to a distribution that does not support WPS, to exclude this attack vector entirely.

Which security method will work for your network

Here is the basic rating from best to worst of the modern WiFi security methods available on modern (after 2006) routers:

  1. WPA2 + AES
  2. WPA + AES
  3. WPA + TKIP/AES (TKIP is there as a fallback method)
  4. WPA + TKIP
  5. WEP
  6. Open Network (no security at all)

The best way to go is to deactivate Wi-Fi Protected Setup (WPS) and set the router to WPA2 + AES. The further down the list you go, the less secure your network gets.
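One way to check an access point against this rating, as an added example rather than anything from the original article. It assumes the access point is configured through a hostapd-style file (the `wpa`, `wpa_pairwise`, `rsn_pairwise`, `wps_state` and `wep_key*` options) and uses two constructed sample configurations; combinations the list does not name, such as WPA2 that still accepts TKIP, are rated by the weakest cipher accepted, which is an assumption of this example.

```python
# Constructed hostapd.conf-style samples (not taken from the article).
WEAK_CONF = """
ssid=HomeNet
wpa=1
wpa_pairwise=TKIP CCMP
wps_state=2
"""
HARDENED_CONF = """
ssid=HomeNet
wpa=2
rsn_pairwise=CCMP
wps_state=0
"""

# The article's rating, best (1) to worst (6).
RANKS = {1: "WPA2 + AES", 2: "WPA + AES", 3: "WPA + TKIP/AES",
         4: "WPA + TKIP", 5: "WEP", 6: "Open Network"}

def parse_conf(text):
    """Return key/value pairs, skipping blank lines and # comments."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            conf[key.strip()] = value.strip()
    return conf

def audit(text):
    """Return (rank, findings) for one access point configuration."""
    conf = parse_conf(text)
    wpa = int(conf.get("wpa", "0"))          # bit 0 = WPA, bit 1 = WPA2
    wpa1 = conf.get("wpa_pairwise", "TKIP")  # assumption: missing list read as TKIP
    ciphers = set()
    if wpa & 1:
        ciphers |= set(wpa1.split())
    if wpa & 2:
        ciphers |= set(conf.get("rsn_pairwise", wpa1).split())
    if wpa == 0:                             # no WPA at all: WEP or open
        rank = 5 if any(k.startswith("wep_key") for k in conf) else 6
    elif ciphers == {"CCMP"}:                # CCMP is the AES-based cipher
        rank = 1 if wpa == 2 else 2
    else:                                    # TKIP is still accepted
        rank = 3 if "CCMP" in ciphers else 4
    findings = []
    if rank != 1:
        findings.append(f"rated {rank} ({RANKS[rank]}); target is {RANKS[1]}")
    if conf.get("wps_state", "0") != "0":
        findings.append("WPS is enabled; set wps_state=0")
    return rank, findings
```

Calling `audit(WEAK_CONF)` rates the first sample 3 and reports both the cipher fallback and the enabled WPS; `audit(HARDENED_CONF)` returns rank 1 with no findings.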


If you leave your router with no security, anyone can steal your bandwidth, carry out illegal actions over your connection and in your name, monitor your web activity, and easily install malicious apps on your network. Both WPA and WPA2 are supposed to secure wireless internet networks from unauthorized access.

WPA vs. WPA2

WiFi routers support a variety of security protocols to secure wireless networks: WEP, WPA and WPA2. However, WPA2 is recommended over its predecessor WPA (Wi-Fi Protected Access).

Probably the only downside of WPA2 is how much processing power it needs to protect your network. This means more powerful hardware is needed in order not to experience lower network performance. This issue concerns older access points that were implemented before WPA2 and only support WPA2 via a firmware upgrade. Most of the current access points have been supplied with more capable hardware.

Definitely use WPA2 if you can, and only use WPA if there is no way your access point will support WPA2. Using WPA is also a possibility when your access point regularly experiences high loads and network speed suffers under WPA2. When security is the top priority, rolling back is not an option; instead, one should seriously consider getting better access points. WEP has to be used if there is no possibility to use any of the WPA standards.

Encryption Speed

Depending on which security protocol you use, data speed can be affected. WPA2 is the fastest of the encryption protocols, while WEP is the slowest.

Protect Your WiFi Network

While WPA2 is much more secure than WPA and therefore much more secure than WEP, the security of your router heavily depends on the password you set. WPA and WPA2 let you use passwords of up to 63 characters.
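Why the password carries so much weight, as an added example that is not part of the original article: in WPA/WPA2 Personal the 256-bit pre-shared key is derived from nothing but the passphrase and the network name, using the PBKDF2 mapping defined in IEEE 802.11i. The function names, the 8-character minimum check and the strength estimate are this example's own; the sample inputs are constructed, apart from the "password"/"IEEE" pair, which is a published 802.11i test vector.

```python
import hashlib
import math
import string

def check_passphrase(passphrase):
    """Raise ValueError unless this is a valid WPA/WPA2 passphrase."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("passphrase must be 8 to 63 characters long")
    if any(not 32 <= ord(c) <= 126 for c in passphrase):
        raise ValueError("passphrase must be printable ASCII")

def derive_psk(passphrase, ssid):
    """Return the 256-bit pre-shared key as hex.

    PBKDF2-HMAC-SHA1 over the passphrase, salted with the SSID,
    4096 iterations (the passphrase-to-key mapping from IEEE 802.11i).
    """
    check_passphrase(passphrase)
    key = hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"),
                              ssid.encode("utf-8"), 4096, 32)
    return key.hex()

def estimate_bits(passphrase):
    """Upper bound on strength in bits, assuming every character was picked
    at random from the character classes that appear in the passphrase."""
    check_passphrase(passphrase)
    classes = (string.ascii_lowercase, string.ascii_uppercase,
               string.digits, string.punctuation + " ")
    pool = sum(len(cls) for cls in classes
               if any(c in cls for c in passphrase))
    return len(passphrase) * math.log2(pool)

if __name__ == "__main__":
    # "password"/"IEEE" is the 802.11i test vector; the second
    # passphrase is a constructed sample.
    print(derive_psk("password", "IEEE"))
    for candidate in ("password", "Tr4il-mix.Lamp?Orbit_27"):
        print(candidate, round(estimate_bits(candidate), 1))
```

The estimate is an upper bound: a dictionary word scores as if its letters were random, so a real word or name is weaker than the number suggests.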

Use as many various characters in your WiFi network password as possible. Hackers are interested in easier targets; if they can't break your password in several minutes, they will most likely move on to look for more vulnerable networks.

Summary:

  1. WPA2 is the enhanced version of WPA;
  2. WPA only supports TKIP encryption while WPA2 supports AES;
  3. Theoretically, WPA2 is not hackable while WPA is;
  4. WPA2 needs more processing power than WPA;
  5. Use NetSpot to check your encryption!
