WPA3
What is WPA3?
WPA3The third generation of Wi-Fi Protected Access, introducing SAE-based authentication, forward secrecy, and stronger protections for personal and enterprise Wi-Fi.
WPA3 was finalised by the Wi-Fi Alliance in 2018 to address known weaknesses in WPA2. Its Personal mode replaces the WPA2 4-way handshake with Simultaneous Authentication of Equals (SAE), a Dragonfly-based PAKE that resists offline dictionary attacks and provides forward secrecy. Its Enterprise mode adds a 192-bit security suite for high-assurance environments, mandating strong ciphers and key lengths. WPA3 also requires Protected Management Frames (PMF) to defend against deauthentication and beacon-spoofing attacks and includes an Easy Connect onboarding mode for IoT. Real-world security still depends on patched implementations after the Dragonblood attacks against early SAE deployments and on rejecting WPA2 fallback in WPA3-only networks.
● Examples
- 01
A WPA3-Personal network uses SAE so that a captured handshake cannot be cracked offline.
- 02
A regulated agency deploys WPA3-Enterprise 192-bit with EAP-TLS for sensitive Wi-Fi.
● Frequently asked questions
What is WPA3?
The third generation of Wi-Fi Protected Access, introducing SAE-based authentication, forward secrecy, and stronger protections for personal and enterprise Wi-Fi. It belongs to the Network Security category of cybersecurity.
What does WPA3 mean?
The third generation of Wi-Fi Protected Access, introducing SAE-based authentication, forward secrecy, and stronger protections for personal and enterprise Wi-Fi.
How do you defend against WPA3?
Defences for WPA3 typically combine technical controls and operational practices, as detailed in the full definition above.
What are other names for WPA3?
Common alternative names include: Wi-Fi Protected Access 3.