Almost everywhere you go today, there is a Wi-Fi network that you can connect to. Whether at home, in the office, or at your local coffee shop, there are many Wi-Fi networks out there. Each Wi-Fi network is configured with a certain kind of network security: either open to everyone, or extremely limited where only certain clients can connect.
When it comes to Wi-Fi security, you only have a few options, especially if you are setting up a home wireless network. Today, the three main security protocols are WEP, WPA, and WPA2. These protocols use two large algorithms: TKIP and AES with CCMP. I’ll explain some of these concepts in more detail below.
Which security option to choose?
If you are not interested in all the technical details of each of these protocols and just want to know which one to choose for your wireless router, then check out the list below. It is rated from safest to least secure. The more secure option you choose, the better.
If you are not sure if some of your devices will be able to connect using the most secure method, I suggest you turn it on and then check for problems. I thought some devices would not support the highest encryption, but was surprised to find that they connect just fine.
- WPA2 Enterprise (802.1x RADIUS)
- WPA2-PSK AES
- WPA-2-PSK AES + WPA-PSK TKIP
- WPA TKIP
- Open (no security)
It is worth noting that WPA2 Enterprise does not use pre-shared keys (PSK), but instead uses EAP and requires an internal RADIUS server for username and password authentication. The PSK you see with WPA2 and WPA is essentially the wireless key that you must enter when you first connect to a wireless network.
– / ]
WPA2 Enterprise is much more difficult to set up and is usually only done in corporate environments or for highly tech-savvy home owners. In practice, you will only be able to select options 2 through 6, although most routers now do not even support WEP or WPA TKIP as they are insecure.
WEP, WPA, and WPA2 overview
I won’t go into the technical details of each of these protocols because you can easily google a lot of additional information. Essentially, wireless security protocols emerged in the late 90s and have evolved ever since. Fortunately, only a few protocols have been adopted, so they are much easier to understand.
WEP or Wired Equivalent Privacy was released back in 1997 along with the 802.11 standard for wireless networks. It was supposed to provide privacy equivalent to wired networks (hence the name).
WEP started with 64-bit encryption and eventually got to 256-bit encryption, but 128-bit encryption was the most popular implementation in routers. Unfortunately, very soon after the introduction of WEP, security researchers discovered several vulnerabilities that allowed them to crack the WEP key within minutes.
Even with updates and fixes, WEP remained vulnerable and easy to penetrate. In response to these concerns, the WiFi Alliance introduced WPA, or WiFi Protected Access, which was adopted in 2003.
WPA was really only meant as an intermediate tool until they were able to finalize WPA2, which was introduced in 2004 and is now the standard in use today. WPA used TKIP or Temporal Key Integrity Protocol as a way to ensure message integrity. This was in contrast to WEP, which used CRC or Cyclic Redundancy Check. TKIP was much stronger than CRC.
Unfortunately, to ensure interoperability, the Wi-Fi Alliance borrowed some aspects from WEP, which eventually made WPA with TKIP insecure. WPA included a new feature called WPS (WiFi Protected Setup), which was supposed to make it easier for users to connect devices to a wireless router. However, in the end, vulnerabilities were discovered that allowed security researchers to crack the WPA key in a short period of time.
WPA2 became available as early as 2004 and was officially required by 2006. The biggest change between WPA and WPA2 is the use of AES encryption with CCMP instead of TKIP.
In WPA, AES was optional, but in WPA2, AES is required and TKIP is optional. From a security standpoint, AES is much safer than TKIP. Some issues have been found in WPA2, but these only occur in a corporate environment and do not apply to home users.
WPA uses either 64-bit or 128-bit keys, the most common of which is 64-bit for home routers. WPA2-PSK and WPA2-Personal are terms used interchangeably.
So, if you need to remember any of this, here’s the thing: WPA2 is the most secure encryption protocol, and AES with CCMP is the most secure encryption. In addition, you should disable WPS as it is very easy to hack and obtain a router PIN that you can then use to connect to your router. If you have any questions, do not hesitate to comment. Enjoy!