What Is WPA2 (Wireless Protected Access 2)?


WPA2 (Wi-Fi Protected Access 2) is a network security technology commonly used on Wi-Fi wireless networks. WPA2 has replaced the original WPA technology on all certified Wi-Fi hardware since 2006 and is based on the IEEE 802.11i technology standard for data encryption.

WPA2 vs. WPA and WEP

Wireless Protected Access was designed as a replacement for the older and much less secure Wireless Encryption Protocol (WEP).

WPA2 should be used instead of WEP on home computer networks.

WPA2 also improves the security of Wi-Fi connections by requiring use of stronger wireless encryption methods than what the original WPA required.

AES vs. TKIP for Wireless Encryption

When setting up your network with WPA2, you will see several options to choose from, typically including a choice between two encryption methods – AES (Advanced Encryption Standard) and TKIP (Temporal Key Integrity Protocol). WPA2 added support for AES to provide stronger encryption than TKIP.

Many home routers allow administrators to choose from among the possible combinations:

  • WPA with TKIP (WPA-TKIP): This is the default choice for old routers that did not yet support WPA2.
  • WPA with AES (WPA-AES): AES was first introduced before the WPA2 standard was completed, although very few clients ever supported this mode.
  • WPA2 with AES (WPA2-AES): This is the default choice for newer routers and the recommended option for networks where all clients support AES.
  • WPA2 with AES and TKIP (WPA2-AES/TKIP): Routers need to enable both modes if any of their clients do not support AES. All WPA2-capable clients support AES, but most WPA clients do not.

Any of these options is certainly preferable to WEP or to using no encryption at all.

WPA2 Keys

Several different forms of WPA2 security keys exist.

WPA2 Pre-Shared Key (PSK) utilizes keys that are 64 hexadecimal digits long and is the method most commonly used on home networks. Many home routers call WPA2 PSK "WPA2 Personal" mode; the two names refer to the same underlying technology.

Limitations of WPA2

Most home routers support both WPA2 and a separate feature called Wi-Fi Protected Setup (WPS). While WPS is designed to simplify the process of setting up home network security, flaws in how it was implemented greatly limit its usefulness. With WPA2 enabled and WPS disabled, an attacker needs to somehow determine the WPA2 PSK that clients are using, a very time-consuming process. With both features enabled, an attacker only needs to find the WPS PIN, which in turn reveals the WPA2 key, a much simpler process. Security advocates recommend keeping WPS disabled for this reason.

WPA and WPA2 sometimes interfere with each other if both are enabled on a router at the same time. This can cause client connection failures.

Using WPA2 decreases the performance of network connections due to the extra processing load of encryption and decryption. That said, the performance impact of WPA2 is usually negligible. (WPA and especially WEP impacted performance much more.)