
What is WPA2 and how does it work?

Wi-Fi Protected Access II (WPA2) is an encryption standard used to secure the majority of Wi-Fi networks. Despite being commonly referred to as WPA2, the standard is officially known as IEEE 802.11i-2014.

 

What is WPA2?

WPA2 was first released in 2004. It built on the previous WPA standard to increase data protection and network access control for Wi-Fi networks. When enabled, WPA2 makes it much safer to connect to Wi-Fi because it provides unique encryption keys for each wireless device. 

WPA2 has been mandatory for all Wi-Fi Alliance certified products since 2006. As a result, officially certified routers and devices have supported WPA2 for over 15 years. This makes WPA2 fairly old, which is why an updated version of the standard, known as WPA3, was ratified in January 2019.

WPA3 implements several security improvements over WPA2 and is now mandatory to gain official Wi-Fi Alliance certification. However, WPA2 is still the primary form of protection on Wi-Fi networks for the time being.

Check out our guide to the WPA3 Wi-Fi standard for more information about it.

What is the difference between WPA and WPA2?

The first thing to note is that WPA already contained some important security features found in IEEE 802.11i (WPA2). For example, WPA dynamically generates a new 128-bit key for each packet using the Temporal Key Integrity Protocol (TKIP). This is a vast improvement over the security available in the Wired Equivalent Privacy (WEP) security algorithm that preceded it.

WPA also implements a message integrity check using a Message Authentication Code (MAC). This is designed to prevent an attacker from altering, spoofing, or resending data packets.

The crucial difference between these two standards is that WPA2 uses Counter Mode Cipher Block Chaining Message Authentication Code Protocol (CCMP), which is AES-based encryption (rather than TKIP). AES is a military-grade cipher, which makes WPA2's security much more robust.

Are all Wi-Fi networks protected with WPA2 or later?

No. Although routers nowadays support WPA2, it is up to the Wi-Fi hotspot administrator to ensure that the encryption is enabled.

When a local network administrator sets up a router, they get a few different security options. If the admin opts to leave the router unsecured, this could leave users who connect to it vulnerable to cyberattacks. As a result, it is impossible to connect to public Wi-Fi confidently without the use of a VPN.

In 2024, the security options available to network administrators setting up a Wi-Fi network are as follows (descending from most secure to least secure):

  • WPA + TKIP
  • WEP
  • Open Network (no security implemented)

What weaknesses does WPA2 have?

Even when WPA2 is implemented and a password is required to join a Wi-Fi network, it still harbors some potential vulnerabilities.

Passwords can potentially be cracked due to key management vulnerabilities present in the 4-way handshake. In addition to password decryption, this can result in packet replay, TCP connection hijacking, and HTTP content injection. Passwords are also potentially vulnerable to a dictionary attack.
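
Why a guessable password matters on WPA2-Personal, shown as an added example that is not part of the original article and goes beyond what it states: the network's master key is computed from nothing but the passphrase and the network name (PBKDF2-HMAC-SHA1, 4096 rounds), so a passphrase that appears in a word list yields a key that can be guessed offline. The function names, the sample word list, the UTF-8 encoding of the SSID and the 60-bit threshold are assumptions made for this example.

```python
import hashlib
import math

PBKDF2_ROUNDS = 4096  # iteration count fixed by the WPA2-Personal key derivation

def wpa2_pmk(passphrase: str, ssid: str) -> bytes:
    """256-bit Pairwise Master Key = PBKDF2-HMAC-SHA1(passphrase, salt=SSID)."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("passphrase must be 8 to 63 characters")
    if any(not 32 <= ord(c) <= 126 for c in passphrase):
        raise ValueError("passphrase must be printable ASCII")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"),
                               ssid.encode("utf-8"), PBKDF2_ROUNDS, 32)

# Constructed sample list; a real audit would load a much larger word list.
COMMON_PASSPHRASES = {"password", "12345678", "qwertyuiop", "letmein123"}
MIN_BITS = 60  # assumed policy threshold, not a value from any standard

def estimate_bits(passphrase: str) -> float:
    """Upper bound on guessing entropy from length and character classes used."""
    alphabet = 0
    if any(c.islower() for c in passphrase):
        alphabet += 26
    if any(c.isupper() for c in passphrase):
        alphabet += 26
    if any(c.isdigit() for c in passphrase):
        alphabet += 10
    if any(not c.isalnum() for c in passphrase):
        alphabet += 33  # printable ASCII symbols, including space
    return len(passphrase) * math.log2(alphabet) if alphabet else 0.0

def audit_passphrase(passphrase: str) -> list:
    """Return the reasons a passphrase is exposed to offline dictionary guessing."""
    findings = []
    if passphrase.lower() in COMMON_PASSPHRASES:
        findings.append("listed in common-passphrase list")
    if estimate_bits(passphrase) < MIN_BITS:
        findings.append("estimated entropy below %d bits" % MIN_BITS)
    return findings

if __name__ == "__main__":
    # The key depends only on passphrase and SSID, so the same passphrase on a
    # differently named network produces a different key.
    print(wpa2_pmk("password", "IEEE").hex())
    for candidate in ("password", "Summer2024", "correct horse battery staple 42"):
        print(repr(candidate), audit_passphrase(candidate) or "no findings")
```

The entropy figure is only an upper bound: a passphrase built from a predictable pattern can pass the length check and still be in an attacker's word list.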

In addition, once any user has access to a WPA2 protected Wi-Fi network, it is possible that they might attack other devices connected to the network. This is why we recommend that you always use a VPN for public Wi-Fi networks.

The KRACK vulnerability can also be exploited to intercept unprotected data passing over the network, which is another reason why it is always recommended for consumers to use a VPN. 

What improvements does WPA3 provide?

As time passes, vulnerabilities are exposed, and it becomes necessary to update standards that were previously considered secure. WPA3 is an updated version of the IEEE 802.11i standard that improves security in a number of ways:

However, although WPA3 allows for the implementation of all the advancements above, it is worth noting that the final specification only makes the new handshake mandatory. Thus, not all networks that update to WPA3 will roll out all the improvements mentioned above.

Thus, the primary benefit of WPA3 is the increased security of the handshake, which makes it harder to break into the network and protects it against the KRACK vulnerability.

Should I use a VPN on WPA2 protected networks?

When you connect to a public Wi-Fi hotspot, it is not always possible to tell what kind of security has been implemented.

In addition, as previously mentioned, even if WPA2 has been implemented, it is possible that your data could be exposed to another user who is also connected to the hotspot.

This is why it is vital for anybody who regularly connects to public Wi-Fi in locations such as coffee shops, hotels, and airports to use a VPN to encrypt their traffic.

Written by: Ray Walsh

Digital privacy expert with 5 years' experience testing and reviewing VPNs. He's been quoted in The Express, The Times, The Washington Post, The Register, CNET & many more.

2 Comments

Janice Radeck
on September 30, 2023
Where can I find WPA number on my computer (MacAir)? I'm trying to connect with my Xfinity Internet but cannot until I find the WPA number. Thank you for helping me. jwr
Danka Delić replied to Janice Radeck
on March 14, 2024
The WPA number you're referring to is likely the Wi-Fi Protected Access (WPA) password, also known as the Wi-Fi network password. This password is what secures your Wi-Fi network and is required when you want to connect a new device to your Wi-Fi. It's not something that's found on your computer or MacBook Air itself unless your Mac has previously connected to that Wi-Fi network. Instead, the WPA password is set in your wireless router or gateway. Here are several ways to find your WPA password:

  • Check Your Router: The simplest way to find your WPA password is to check your router. Many routers have a label on the bottom or back that lists the default Wi-Fi network name (SSID) and password. If you haven't changed your Wi-Fi password, this should work.
  • Use a Connected Mac: If your MacBook Air or another device is already connected to the Wi-Fi network, you can find the saved Wi-Fi password. Open "Keychain Access" from the Utilities folder (you can use Spotlight search to find it quickly). In Keychain Access, in the left sidebar, make sure "login" is selected under Keychains and "Passwords" is selected under Category. Use the search box in the upper right corner to search for the name of your Wi-Fi network. Double-click on the network name in the list to open it, and then check the box next to "Show password." You may need to enter your Mac's administrator password to reveal the Wi-Fi password.
  • Check Your Internet Provider's Documentation or Website: If your router was provided by your ISP, like Xfinity, the default Wi-Fi password might also be listed in the documentation that came with your router or on your ISP's website after you log into your account.
  • Look at Any Saved Documentation: If you or someone else changed the Wi-Fi password from the default, it might have been written down or saved in a secure place, such as a password manager.
  • Log Into Your Router: You can also find the WPA password by logging into the router's web interface from a computer that is connected to the router via Ethernet or Wi-Fi. The exact steps vary by router, but you generally need to enter the router's IP address into a web browser, log in with the router's admin credentials, and then navigate to the wireless settings section.

If you're unable to find or retrieve your WPA password using these methods, you may need to reset your router to its factory default settings, which will reset the Wi-Fi password to its default as well. This option should be used as a last resort since it will erase all your router's custom settings. After resetting, you can set a new WPA password. Remember, always keep your Wi-Fi password secure and complex to prevent unauthorized access to your network.
