WPA2
What is WPA2?
WPA2: The second generation of Wi-Fi Protected Access, based on AES-CCMP and IEEE 802.11i, that has been the de facto Wi-Fi security standard since 2004.
WPA2, ratified in 2004, replaced WPA with the full IEEE 802.11i security suite. Its Personal mode uses a pre-shared key fed through PBKDF2 into a 4-way handshake to derive per-session keys, while its Enterprise mode delegates authentication to a RADIUS server via 802.1X/EAP. Data is encrypted with AES-CCMP, providing strong confidentiality and integrity. WPA2 is, however, vulnerable to offline dictionary attacks if a weak passphrase is used and to the KRACK key-reinstallation attack against unpatched clients. Modern deployments should enable Protected Management Frames, use long random passphrases, prefer Enterprise mode where possible, and migrate to WPA3 as devices allow.
● Examples
- 01: A small office uses WPA2-Personal with a 20-character passphrase to protect its wireless LAN.
- 02: An enterprise deploys WPA2-Enterprise with EAP-TLS so every device authenticates via certificate.
● Frequently asked questions
What is WPA2?
The second generation of Wi-Fi Protected Access, based on AES-CCMP and IEEE 802.11i, that has been the de facto Wi-Fi security standard since 2004. It belongs to the Network Security category of cybersecurity.
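How do you secure a WPA2 deployment?
Securing WPA2 combines technical controls and operational practices, as detailed in the full definition above: enable Protected Management Frames, use long random passphrases, prefer Enterprise mode where possible, and migrate to WPA3 as devices allow.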
What are other names for WPA2?
Common alternative names include: Wi-Fi Protected Access 2, IEEE 802.11i.