Earlier at CES 2018, the Wi-Fi Alliance announced that it is working on the WPA3 (Wi-Fi Protected Access 3) draft standard. The announcement does not go too much into detail about what exact changes this new version will bring, nor is the specification available yet, but four key areas of improvement are mentioned in the press release:
- Stronger protection even for networks with weak passwords. Presumably, this refers to stronger defences against things like brute-force attacks.
- Simplified setup process for IoT devices, which could make it easier to connect to secure wireless networks for Internet of Things devices.
- Stronger encryption. According to the announcement, WPA3 will include a 192-bit security suite, useful for networks with higher security demands, such as governments.
- Individualized data encryption on open networks. With WPA3, security even on open networks will improve. It is not yet known how this will be implemented, but, according to Mathy Vanhoef, it may be through Opportunistic Wireless Encryption (encryption without authentication).
There is still a lot to be learned about these features, as the draft standard has not even been published yet. While Wi-Fi Alliance says that WPA3 will be available later in 2018, it is also not known if any older devices will be updated to be able to make use of it, although, given that devices will need to go through a certification process again to be approved by Wi-Fi Alliance to use the upcoming standard (not to mention the already-poor ability of most manufacturers to roll out security updates to their devices), it is likely that most existing devices will be sticking to WPA2.