WPA3 makes behind-the-scenes changes not immediately visible to users to how devices connect to each other, specifically to make it as hard as possible for an attacker to access the network. Even if users create passwords for a Wi-Fi network that are considered to be weak, WPA3 has other elements that increases the difficulty.
There are two variants of WPA3 protection, named WPA3-Personal and WPA3-Enterprise, which offer slightly different levels of protection.
WPA3-Personal uses Simultaneous Authentication of Equals (SAE), a secure key establishment protocol that forces devices to communicate with a hotspot or another device before attempting to use a network password. This effectively shuts down one security hole under earlier WPA versions where an attacker could perform dictionary-based attacks against collected data packets away from the network.
The Enterprise version adds 192-bit encryption to transmit data, making it harder for attackers to decrypt data packets in a short period of time.
The commencement of certification for WPA3 does not mean it will be immediately available to users, nor make their current networking equipment obsolete. While it will slowly roll out in new products, it isn't currently a mandatory technology to use, but this status will change as adoption grows.
WPA2 compatibility is still required for all Wi-Fi certified devices, meaning hardware with WPA3 onboard will continue to work with current Wi-Fi networks without issue. While Apple's main product lines will most likely include support in the future, it is doubtful the same can be said to the AirPort, which Apple discontinued in April.
"WPA3 takes the lead in providing the industry's strongest protections in the ever-changing security landscape," said Wi-Fi Alliance President and CEO Edgar Figueroa. "WPA3 continues the evolution of Wi-Fi security and maintains the brand promise of Wi-Fi Protected Access."
The certification of WPA3 arrives eight months after the discovery of a major vulnerability in WPA2, known as a Key Reinstallation Attack (KRACK), which affected Apple devices and other hardware. The vulnerability prompted the Wi-Fi Alliance to adopt new testing enhancements to refine WPA2, as well as revealing the development of WPA3.
At the same time as Tuesday's announcement, the Wi-Fi Alliance introduced Wi-Fi Certified Easy Connect, a program to reduce the complexity of onboarding Wi-Fi devices with limited or no display interface at all. Aimed at Internet of Things hardware and similar items, Easy Connect will enable such devices to connect to a network by using another device, like a smartphone, to scan a QR code.