Open In App

Wifi Protected Access (WPA)

Last Updated : 23 Feb, 2024
Like Article

The two security protocols and security certification programs are Wi-Fi Protected Access (WPA) and Wi-Fi Protected Access II (WPA2). These are developed by the Wi-Fi Alliance to secure wireless computer networks. The Alliance defined these protocols because of the serious weaknesses the researchers found in the previous system, Wired Equivalent Privacy (WEP)

What is Wifi Protected Access (WPA)?

WPA also referred to as the draft IEEE 802.11i standard became available in 2003. The Wi-Fi Alliance made it an intermediate measure in anticipation of the availability of the more secure and complex WPA2, which became available in 2004 and is a common short for the full IEEE 802.11i standard. In 2003, WPA—also known as the TKIP standard—became accessible. It was meant to be a stopgap measure by the Wi-Fi Alliance before the more complicated and secure WPA2 became available in 2004. WPA2 is a common acronym for the entire IEEE 802.11i (or IEEE 802.11i-2004) standard.
In January 2018, with several security improvements over WPA2 Wi-Fi Alliance announced the release of WPA3

Versions of WPA

There are some different versions of WPA which include WPA, WPA2, and WPA3. Different versions have different features, Below mentioned are versions of WiFi Protected Access:

1. WPA

The WPA is an intermediate measure to take the place of WEP. WPA could be implemented through firmware upgrades on wireless network interface cards that were designed for WEP in 1999. However, since more changes were required in the wireless access points (APs) than those needed on the network cards, most pre-2003 APs could not be upgraded to support WPA. 

The WPA protocol implements almost all of the IEEE 802.11i standard. WEP used a 64-bit or 128-bit encryption key that must be manually entered on wireless access points and devices which once entered can never be changed. TKIP employs a per-packet key, which means that it dynamically generates a new 128-bit key for each packet and thus prevents the types of attacks that compromise WEP. 

WPA includes a Message Integrity Check, which is designed to prevent an attacker from altering or resending data packets. This replaced the cyclic redundancy check (CRC) that was used by the WEP standard. CRC’s had a main flaw in that it did not provide a sufficiently strong data integrity guarantee for the packets it handled. Well-tested message authentication codes existed to solve these problems, but they required too much computation to be used on old network cards. WPA uses a message integrity check algorithm called TKIP to verify the integrity of the packets. TKIP is much stronger than a CRC, but the algorithm used in WPA2 is stronger. Researchers discovered a flaw in WPA similar to older weaknesses in WEP and the limitations of the message integrity code hash function, named Michael, that is used to retrieve the keystream from short packets to use for re-injection and spoofing. 

2. WPA2

WPA2 replaced WPA. WPA2, which requires testing and certification by the Wi-Fi Alliance, implemented the mandatory elements of IEEE 802.11i. Particularly, it included mandatory support for CCMP(Counter Mode CBC-MAC Protocol), an AES(Advanced Encryption Standard) based encryption mode. Certification began in September 2004. WPA2 certification is mandatory for all new devices to bear the Wi-Fi trademark from March 13, 2006. 

What are the new features does the WPA2 protocol offer?

WPA was replaced in 2004 with WPA2. WPA2 employs the Block Chaining Message Authentication Code Protocol (CCMP), a Counter Mode Cypher. The Advanced Encryption Standard (AES) algorithm, which verifies the authenticity and integrity of messages, forms the foundation of the CCMP protocol. Compared to the original Temporal Key Integrity Protocol (TKIP) used by WPA, CCMP is more robust and dependable.

However, WPA2 still has security flaws. The risk of unwanted access to the company wireless network is the main one among those weaknesses. This occurs when an attack vector on specific Wi-Fi Protected Setup (WPS) access points is compromised. To deter such threats, it is advised that WPS be turned off for every WPA2 attack vector access point. Threat actors can use downgrade attacks to target more vulnerabilities in WPA2.

3. WPA3

In 2018, Wi-Fi Protected Access 3, or WPA3, replaced WPA2. The most recent and improved version of WPA is WPA3. In 2018, the Wi-Fi Alliance started certifying goods that had been WPA3-approved. Not all devices immediately incorporate WPA3 capability. Users must either purchase brand-new routers that support WPA3 or have the equipment upgraded by the manufacturer in order to use WPA3-approved devices, such as wireless routers.

What are the new Features Does the WPA3 Protocol Offer?

In 2018, Wi-Fi Protected Access 3, or WPA3, replaced WPA2. WPA3 is the most recent version of the WPA protocol. In 2018, the Wi-Fi Alliance started to certify products that met WPA3 standards. Not every device has WPA3 support added to it automatically. If users want to use wireless routers or other WPA3-approved devices, they have two options: either purchase new routers that enable WPA3 or have the manufacturer update the device. A comparable 192-bit cryptographic strength (in WPA3-EAP enterprise mode); 384-bit Hashed Message Authentication Mode (HMAC); 256-bit Broadcast/Multicast Integrity Protocol (BIP-GMAC-256); 256-bit Galois/Counter Mode Protocol encryption (GCMP-256); SAE exchange; and WiFi Device Provisioning Protocol (DPP).

Working with WPA

When establishing a network for others to connect to and when connecting to a wireless network, you’ll see options for employing WPA. Although it was intended to enable pre-WPA devices like those that use WEP, some only function with WPA after a firmware update. Some things are just not compatible.

Despite the protocol being more secure than WEP, attacks can still be made against WPA pre-shared keys. Your best line of defence is a passphrase that can withstand brute-force attacks.

Security Issues with WPA

  • Key shared ahead of time If users rely on a weak password or passphrase, WPA and WPA2 are still susceptible to password cracking attempts.
  • Insufficient upfront secrecy
  • Due to the lack of forward secrecy offered by WPA and WPA2, an adversary may be able to passively and covertly gather all packets encrypted with that PSK transmitted in the past and even in the future once they ascertain the pre-shared key.
  • Tactics known as denial of service, in which an attacker overloads the network with messages, impairing the availability of network resources
  • Eavesdropping is the practice of unauthorised third parties intercepting data being transferred across secure networks. Spoofing and session hijacking are methods by which an attacker obtains access to network resources and data by impersonating a legitimate user.

Difference Between WEP and WPA

A security standard for computers with wireless internet connections is called Wi-Fi Protected Access (WPA). The Wi-Fi Alliance developed it to improve upon the original Wi-Fi security standard, Wired Equivalent Privacy (WEP), in terms of data encryption and user authentication.





Relies on RC4 encryption set of rules.

Supports TKIP and AES encryption algorithms for more potent protection.


Vulnerable to numerous attacks, including brute-pressure attacks, packet sniffing, and key restoration assaults.

Addresses among the vulnerabilities found in WEP, presenting stronger safety towards attacks.

Key Management

Uses static encryption keys which can be manually configured and infrequently changed.

Supports dynamic key exchange protocols, such as WPA-Personal (the use of Pre-Shared Key) or WPA-Enterprise (using IEEE 802.1X authentication), for advanced key management and protection.


Widely supported by older Wi-Fi devices, however compatibility can be reducing as it’s far considered outdated.

Compatible with most present day Wi-Fi devices, although older devices won’t aid newer encryption protocols like AES.

Security Protocol

Uses WEP encryption protocol.

Uses more potent encryption protocols inclusive of TKIP (Temporal Key Integrity Protocol) and later AES (Advanced Encryption Standard).

For more, you can refer to Difference Between WEP and WPA.

Frequently Asked Question on WPA – FAQs

How does WPA encryption work?

In order to address the increasing vulnerabilities of its predecessor, WEP, WPA (Wi-Fi Protected Access) was introduced as a wireless security protocol in 2003. Because the WPA Wi-Fi protocol employs a 256-bit encryption key—a significant improvement over the 64-bit and 128-bit keys used by the WEP system—it is more secure than the WEP protocol.

Can I upgrade my router to WPA3?

You’re in luck if your router can support WPA3 with a firmware upgrade and is somewhat older but still functional. Over WPA2, WPA3 is a software-based upgrade that many routers can enable through firmware updates.

Can WPA3 and WPA2 devices communicate with each other?

WPA3 is incompatible with older hardware that is limited to WPA2 compatibility. Nonetheless, the majority of contemporary routers and devices are built with support for both WPA3 and WPA2, enabling networks to function in mixed mode to support older devices.

Like Article
Suggest improvement
Share your thoughts in the comments

Similar Reads