Zyxel Blog

Zyxel Blog

Are you Connecting Safely?

By Shawn Rogers

In honor of National Safer Internet Day, we are going to take a look at the new WPA3 standard that is available on Zyxel's WiFi 6 Access Points. Previously, most access points have been protected by WPA2, a standard that was ratified all the way back in 2004. As you can probably imagine, security technology has come a long way since 2004.

I don't want to spend too much time talking about the technology behind WPA3, but here's a quick overview: WPA3 beefs up security across the board, replacing Pre-Shared Keys with Simultaneous Authentication of Equals (SAE) which solves the KRACK vulnerability found in WPA2 and for business networks increases key size to 192-bits. WPA3 uses something called forward secrecy, also used by SSL, generating a unique key for each session so even if the key is compromised, it will not allow data from past sessions to be viewed.

Blog-WPA3_600-400
When it comes to WiFi, one of the biggest threats to data privacy is the use of public hotspots. This can be the WiFi at your favorite local coffee shop, the business hotel you stay at, or any other place you may connect to a public WiFi network. While WPA2 gave various methods of providing unique passwords for access to these hotspots, most hotspots never implemented them because of the difficulty generating and delivering unique passkeys for each user. Instead, most public networks run in "open" mode, with no encryption. Because of this, anyone can easily see and record all data passed through a public hotspot (They don't even have to connect to the hotspot themselves), providing a serious threat to data privacy. To solve this issue, many users have turned to using VPN connections to help protect their privacy, however these VPN solutions often require a paid subscription (or that you know how to set up and run your own VPN server) and still let data slip through between the time you connect to the hotspot and when the VPN connection is made.

WPA3 helps solve these issues with a new technology known as "Enhanced Open". Like the previous "open" mode on APs, users do not need to enter a password to connect to the public network. However, with Enhanced Open, even though no password (or PSK) is used, the connection between the client device and AP are encrypted using a unique key for each user. This ensures each users privacy is kept, while keeping connecting to hotspots as simple as possible.

WPA3, including Enhanced Open, is supported by Zyxel's WiFi 6 APs.