What Is Wi-Fi Protected Access (WPA)?

A step beyond WEP

WiFi App Icon

Jeffrey Coolidge / Getty Images

WPA (Wi-Fi protected access) is a Wi-Fi security technology developed in response to the weaknesses of WEP (wired equivalent privacy). It improves upon WEP's authentication and encryption features. WPA2, in turn, is an upgraded form of WPA; since 2006, every Wi-Fi-certified product has had to use it.

WPA Features

WPA provides stronger encryption than WEP using either of two standard technologies: Temporal key integrity protocol (TKIP) and advanced encryption standard (AES). WPA also includes built-in authentication support that WEP does not.

Some implementations of WPA allow WEP clients to connect to the network, too, but the security is then reduced to WEP levels for all connected devices.

WPA includes support for RADIUS (remote authentication dial-in user service) servers. In this setup, the server has access to device credentials so that users can be authenticated before they connect to the network. The server also holds EAP (extensible authentication protocol) messages.

When a device successfully connects to a WPA network, keys are generated using a four-way handshake that takes place with the access point (usually a router) and device.

When TKIP (temporal key integrity protocol) encryption is used, a message integrity code (MIC) is included to make sure that the data is not spoofed. It replaces WEP's weaker packet guarantee, which is called cyclic redundancy check (CRC).

What Is WPA-PSK?

WPA-PSK (WPA pre-shared key) is a variation of WPA designed for use on home networks. It's a simplified but still powerful form of WPA.

Similar to WEP, a static key or passphrase is set, but WPA-PSK uses TKIP. WPA-PSK automatically changes the keys at preset intervals to make it difficult for hackers to find and exploit them.

Working With WPA

You'll see options for using WPA when connecting to a wireless network and when setting up a network for others to connect to. It was designed to be supported on pre-WPA devices such as those that use WEP, but some work only with WPA after a firmware upgrade. Others are simply incompatible.

WPA pre-shared keys are vulnerable to attack, even though the protocol is more secure than WEP. Your best defense is a passphrase that's strong enough to circumvent brute-force attacks.