What Is Wi-Fi Protected Access (WPA)?

A step beyond WEP

Wi-Fi Protected Access is a Wi-Fi security technology developed in response to the weaknesses of Wired Equivalent Privacy standards. It improves upon WEP's authentication and encryption features. WPA2, in turn, is an upgraded form of WPA; since 2006, every Wi-Fi-certified product must use it.

WPA Features

WPA provides stronger encryption than WEP using either of two standard technologies: Temporal key integrity protocol and advanced encryption standard. WPA also includes built-in authentication support that WEP does not.

WPA-2 vs WPA

Some implementations of WPA allow WEP clients to connect to the network, too, but the security is then reduced to WEP levels for all connected devices.

WPA includes support for remote authentication dial-in user service servers. In this setup, the server accesses device credentials so that users authenticate before they connect to the network. The server also holds extensible authentication protocol messages.

When a device successfully connects to a WPA network, keys generate using a four-way handshake that takes place with the access point (usually a router) and device.

When TKIP encryption is used, a message integrity code is included to make sure that the data is not spoofed. It replaces WEP's weaker packet guarantee, which is called cyclic redundancy check.

What Is WPA-PSK?

WPA Pre-Shared Key is a variation of WPA designed for home networks. It's a simplified but still powerful form of WPA.

Similar to WEP, a static key or passphrase is set, but WPA-PSK uses TKIP. WPA-PSK automatically changes the keys at preset intervals to make it difficult for hackers to find and exploit them.

Working With WPA

You'll see options for using WPA for connecting to a wireless network and when setting up a network for others to connect to. It was designed to be supported on pre-WPA devices such as those that use WEP, but some work only with WPA after a firmware upgrade. Others are simply incompatible.

WPA pre-shared keys are vulnerable to attack, even though the protocol is more secure than WEP. Your best defense is a passphrase that's strong enough to circumvent brute-force attacks.