Question: Is WPA3 worth it if I still have WPA2 devices?


Feb 28, 2012

I was reading about WPA2 and I didn't realise it is so vulnerable, so I have been looking at WPA3 routers, in particular the TP-Link Archer AX20. But then I was thinking: as not all my devices support WPA3, I will still have to broadcast on either WPA3 & WPA2 or set just the 2.4GHz band to WPA2 (is that possible?), and so am I any better off than my current WPA2-only router?

If any WPA2 signal is being broadcast then the router is just as vulnerable, correct?



The primary boost in security is that someone with the passkey (like other customers in a coffee shop) won't be able to decrypt everyone else's traffic. There doesn't seem to be any security improvement if you allow downgrading to WPA2 mode.
WPA2 is only vulnerable if the government drives up the semi truck with their quantum computer in it and parks in front of your house.

This is mostly theoretical stuff, but it will be many years before a home computer is powerful enough to hack a wifi connection. I suspect the router manufacturers are hyping it just so they can sell more equipment.

The router manufacturers do not actually care about security, it seems. Many ship with the WPS function turned on. That can be hacked in minutes using just a cell phone, but they refuse to remove the feature from routers. For too many "smart" devices the only way to configure them is with that stupid button. Not sure what is going to happen if only WPA3 is used: it does not support the use of WPS, so all those smart devices won't connect... then again, maybe that is the scam to force everyone to buy new stuff.

The largest security problem with wifi is the human. You can get past the largest security exposure by using enterprise mode, so every user has their own user ID and password. In addition, this uses a RADIUS server for the authentication rather than the wifi protocol, so it is slightly more secure.

Note to BFG-9000: just having the preshared key only makes it somewhat easier to see someone's traffic at a coffee shop. The preshared key is only used for initial session setup; after that a unique session key is generated for each device connecting. Someone would have to monitor your traffic as you first connected to get the session key using the preshared key. The trick to deassociate an end device and force it to reconnect while you watch no longer works on most routers made after 2018. In addition, it is extremely hard to get a clean data capture with stuff like MIMO involved: the path to each device is slightly different, so the signals you get can be a bit different. Not impossible, but much, much harder than the days before encryption and HTTPS, when people used to steal Facebook accounts.
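The two replies above are arguing about the same property from different sides: the passphrase is only used to derive the Pairwise Master Key (PMK), and each client's actual traffic key (the PTK) is expanded from the PMK plus the two nonces exchanged during the 4-way handshake. The following is an added example, not code from any poster or product, that implements the WPA2-Personal key derivation as IEEE 802.11i defines it (PBKDF2-HMAC-SHA1 for the PMK, PRF-512 for the PTK) on constructed sample values (the SSID, passphrase, MAC addresses and nonces are made up for illustration). It shows that two clients sharing one passphrase end up with different traffic keys, and also that the derivation is deterministic given the passphrase and the nonces, which is exactly why WPA2-Personal has no forward secrecy among people who share the passphrase.

```python
import hashlib
import hmac

# Added example: WPA2-Personal (PSK) key derivation per IEEE 802.11i,
# written to illustrate what the preshared key is and is not used for.

def wpa2_pmk(passphrase: str, ssid: str) -> bytes:
    """PMK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 iterations, 256 bits).
    Identical for every device on the network that knows the passphrase."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("utf-8"),
                               ssid.encode("utf-8"), 4096, 32)

def prf(key: bytes, label: bytes, data: bytes, nbytes: int) -> bytes:
    """802.11i PRF-n: concatenation of HMAC-SHA1(key, label || 0x00 || data || i)."""
    out = b""
    i = 0
    while len(out) < nbytes:
        out += hmac.new(key, label + b"\x00" + data + bytes([i]), hashlib.sha1).digest()
        i += 1
    return out[:nbytes]

def wpa2_ptk(pmk: bytes, ap_mac: bytes, sta_mac: bytes,
             anonce: bytes, snonce: bytes) -> dict:
    """PTK = PRF-512(PMK, "Pairwise key expansion",
                     min(AA,SPA) || max(AA,SPA) || min(ANonce,SNonce) || max(ANonce,SNonce)).
    The nonces travel in the clear in the 4-way handshake, so the only secret
    input is the PMK, i.e. the passphrase."""
    data = (min(ap_mac, sta_mac) + max(ap_mac, sta_mac)
            + min(anonce, snonce) + max(anonce, snonce))
    ptk = prf(pmk, b"Pairwise key expansion", data, 64)
    # CCMP layout: KCK (handshake MIC key), KEK (key-wrap key), TK (traffic key)
    return {"kck": ptk[:16], "kek": ptk[16:32], "tk": ptk[32:48]}

# Constructed sample values (not taken from any real network).
SSID = "CoffeeShop"
PASSPHRASE = "latte-is-life"
AP_MAC = bytes.fromhex("020000000001")
MAC_ALICE = bytes.fromhex("02000000000a")
MAC_BOB = bytes.fromhex("02000000000b")
NONCE_AP = bytes(range(32))            # ANonce, constructed
NONCE_ALICE = bytes(range(100, 132))   # SNonce chosen by client A, constructed
NONCE_BOB = bytes(range(200, 232))     # SNonce chosen by client B, constructed

def demo() -> dict:
    """Derive the traffic keys of two clients that share one passphrase, then
    re-derive Alice's key from the passphrase and the public handshake values
    alone, as any other passphrase holder could."""
    pmk = wpa2_pmk(PASSPHRASE, SSID)
    alice_tk = wpa2_ptk(pmk, AP_MAC, MAC_ALICE, NONCE_AP, NONCE_ALICE)["tk"]
    bob_tk = wpa2_ptk(pmk, AP_MAC, MAC_BOB, NONCE_AP, NONCE_BOB)["tk"]
    # Same passphrase, same PMK, yet distinct per-session traffic keys ...
    # ... which are nevertheless fully determined by passphrase + nonces + MACs.
    rederived_tk = wpa2_ptk(wpa2_pmk(PASSPHRASE, SSID), AP_MAC, MAC_ALICE,
                            NONCE_AP, NONCE_ALICE)["tk"]
    return {
        "alice_tk": alice_tk,
        "bob_tk": bob_tk,
        "per_client_keys_differ": alice_tk != bob_tk,
        "rederivable_from_passphrase": rederived_tk == alice_tk,
    }

if __name__ == "__main__":
    r = demo()
    print("Alice TK:", r["alice_tk"].hex())
    print("Bob TK:  ", r["bob_tk"].hex())
    print("per-client keys differ:", r["per_client_keys_differ"])
    print("re-derivable from passphrase + handshake:", r["rederivable_from_passphrase"])
```

The PBKDF2 step is why a guessed passphrase costs 4096 HMAC-SHA1 operations to test, but nothing in the 4-way handshake contributes secret material beyond the PMK. WPA3-Personal's SAE exchange changes that: the PMK itself comes out of a Diffie-Hellman-style exchange, so it is fresh for every association and cannot be recomputed from the passphrase plus captured handshake values, which is the "other customers can't decrypt your traffic" benefit BFG-9000 refers to. In a mixed WPA3/WPA2 transition network, clients that associate with WPA2 still get exactly the derivation above.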