WPA2 Shared Key Security: Is it Safe?

TL;DR

WPA2 with a shared key (PSK – Pre-Shared Key, often just called ‘password’) can be secure, but it’s generally weaker than WPA2 Enterprise using certificates. It relies heavily on having a strong password and keeping your router’s firmware up to date. Modern routers should use WPA3 where possible.

Understanding the Risks

WPA2-PSK is the most common type of home Wi-Fi security. Here’s what you need to know about its vulnerabilities:

• Password Strength: The biggest weakness is the password itself. Short, simple passwords are easily cracked using brute-force attacks or dictionary attacks.
• KRACK Attack (2017): While patched in most routers now, the KRACK attack demonstrated a vulnerability in WPA2’s key exchange protocol. Keeping your router firmware updated is vital.
• Offline Dictionary Attacks: If someone captures enough of the Wi-Fi handshake, they can try to crack the password offline without being connected to your network.

How Secure Is *Your* WPA2 Connection?

Here’s how to improve your security:

1. Choose a Strong Password

1. Length: Aim for at least 14 characters, preferably more.
2. Complexity: Use a mix of uppercase and lowercase letters, numbers, and symbols. Avoid easily guessable information like birthdays or pet names.
3. Uniqueness: Don’t reuse passwords from other accounts.
4. Password Managers: Consider using a password manager to generate and store strong, unique passwords.

2. Update Your Router Firmware

Router manufacturers regularly release firmware updates that fix security vulnerabilities. Check your router’s website for the latest version.

• How to check: Usually found in the router’s admin interface (often accessed via a web browser at 192.168.1.1 or 192.168.0.1 – check your router’s manual). Look for a section labelled ‘Firmware Update’, ‘Router Upgrade’, or similar.
• Automatic Updates: Enable automatic firmware updates if available.

3. Check Your Router’s Security Settings

1. WPA3 Support: If your router supports WPA3, enable it! It offers stronger security than WPA2.
2. Encryption Type: Ensure you’re using AES encryption (TKIP is outdated and less secure). This is usually the default now but check anyway.
3. Hidden SSID: Hiding your network name (SSID) doesn’t significantly improve security, as it can be discovered relatively easily. It also causes compatibility issues with some devices.

4. Monitor Connected Devices

Regularly check the list of connected devices in your router’s admin interface to identify any unauthorized access.

5. Consider WPA2 Enterprise (If Possible)

WPA2 Enterprise uses certificates for authentication, which is much more secure than a shared key. However, it requires a RADIUS server and isn’t practical for most home users. It’s common in businesses.

Checking Your Wi-Fi Security (Advanced)

You can use tools like Aircrack-ng to assess your network security. Be aware that using these tools on networks you don’t own is illegal!

• Airodump-ng: Captures Wi-Fi traffic.

  airodump-ng wlan0mon

• Aircrack-ng: Attempts to crack the WPA2 password from a captured handshake file (.cap).

  aircrack-ng -w /path/to/wordlist.txt /path/to/capturefile.cap

If your password cracks quickly with these tools, it’s time to change it!

Final Thoughts

WPA2-PSK is adequate for many home users if you follow the steps above. However, WPA3 offers better security and should be used whenever possible. Prioritise a strong password and regular firmware updates.