Are you using the right WiFi Security? WPA, WPA2-AES, WPA2-TKIP, What does it all mean?
When setting up a new wireless router you have a few different options when it comes to the level of encryption you'll be using to secure your wifi network. If you haven't been keeping up with wifi security standards it can all seem like a bit of a different language. We're going to break it down for you real quick so you're ready to make the right choice for your network.

Wireless Encryption

When you talk about securing a wireless network, you're actually talking about how a wireless network is encrypted. This encryption happens when you first establish a connection with a wireless network and your device and the router decide on the encryption type they'll be using for the duration of the connection.

For you, this is what it looks like. You're at a new location and want to see if they have wifi. You open up the wireless networks option on your laptop, tablet, or phone and, lo and behold, find a few different options. These options are the different routers around you that are broadcasting that they have a wireless network ready for use. When you tap on one of those options it will likely ask you for a password before you can join. That password is the key to completing the encryption process and securing all subsequent communication between your device and the router.

Of course, security encryption has evolved over the years, so we want to make sure that the encryption level we're using is as secure as it can be. We now have different security modes that we need to know so we can choose the best one for our setup.

TKIP vs AES

TKIP and AES are two separate forms of encryption that can be utilized by a wifi network. TKIP stands for "Transient Key Integrity Protocol." It was introduced with WPA as a stopgap to replace the highly insecure WEP encryption standard. WEP was the first encryption protocol used to secure wireless networks and is now easily compromised and should never be used.
TKIP shares many similarities with WEP encryption and is no longer considered secure, so it too should no longer be seriously considered when securing your network.

AES is now the gold standard in encryption. It stands for "Advanced Encryption Standard" and is used for more than just wireless networks. It's a worldwide encryption standard used by many different governments and organizations to secure all manner of files and communication. The main weakness in AES encryption would be a brute force attack, which can generally be accounted for by using a strong passphrase. AES was introduced into wireless network security with the WPA2 standard.

The other part of the equation that you'll often see is PSK. PSK stands for "Pre Shared Key" and simply means that a password is being used as the "key" to activate the secure network.

Now that we're armed with the types of security at our disposal, let's get to the work of choosing one.

Breaking it all down

These are the typical types of security options that we'll see when setting up a new wireless network.
- Open (risky): An open wireless network is one where you have no password. You shouldn't be setting up or joining an open wifi network. None of your network traffic will be encrypted which means it's visible to anyone who wants to look.
- WEP 64 (risky): The old WEP encryption standard is deprecated and extremely vulnerable and should never be used.
- WEP 128 (risky): This is simply WEP with a larger encryption key size. Still should never be used.
- WPA-PSK (TKIP): This is basically the standard WPA, or WPA1, encryption. It’s been superseded and is no longer a secure option.
- WPA-PSK (AES): This chooses the older WPA wireless protocol with the more modern AES encryption. Devices that support AES will almost always support WPA2, while devices that require WPA1 will almost never support AES encryption. So we're left with something that's rarely used.
- WPA2-PSK (TKIP): This uses the modern WPA2 standard with older TKIP encryption. This option isn’t very secure, and is only a good idea if you have older devices that can’t connect to a WPA2-PSK (AES) network.
- WPA2-PSK (AES) (recommended): Here's the one we want. It's the most secure of the bunch at the moment. It uses WPA2, the latest Wi-Fi encryption standard, and the latest AES encryption protocol. You should be using this option.
- WPA/WPA2-PSK (TKIP/AES): This enables both WPA and WPA2 with both TKIP and AES. This provides maximum compatibility with any ancient devices you might have, but also ensures an attacker can breach your network by cracking the lowest-common-denominator encryption scheme. This TKIP+AES option may also be called WPA2-PSK “mixed” mode. Don't be fooled, this is not the standard you want to be using.
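
To check which of the modes above a network is actually advertising, scan output can be classified automatically. This is an added example, not part of the original article; it assumes the terse output format of `nmcli -t -f SSID,SECURITY,WPA-FLAGS,RSN-FLAGS device wifi list`, and the sample rows are constructed.

```python
import re

# Constructed sample of `nmcli -t -f SSID,SECURITY,WPA-FLAGS,RSN-FLAGS device wifi list`
# (assumed terse format: ':'-separated fields, a literal ':' in an SSID escaped as '\:').
SAMPLE_SCAN = r"""CoffeeShop::(none):(none)
OldPrinter:WEP:(none):(none)
Legacy:WPA1:pair_tkip group_tkip psk:(none)
Home\:5G:WPA2:(none):pair_ccmp group_ccmp psk
Compat:WPA1 WPA2:pair_tkip pair_ccmp group_tkip psk:pair_tkip pair_ccmp group_tkip psk
HalfWay:WPA2:(none):pair_tkip group_tkip psk
"""

def _flags(field):
    # Empty, "--" and "(none)" all mean "no flags advertised".
    return set() if field in ("", "--", "(none)") else set(field.split())

def classify(security, wpa_field, rsn_field):
    """Map one scan row to (mode name from the list above, verdict)."""
    wpa, rsn = _flags(wpa_field), _flags(rsn_field)   # WPA1 flags, WPA2 (RSN) flags
    if not wpa and not rsn:
        return ("WEP" if "WEP" in security else "Open", "avoid")
    if "psk" not in wpa | rsn:
        return ("non-PSK (outside the list above)", "not assessed")
    ciphers = {f for f in wpa | rsn if f.startswith("pair_")}
    if (wpa and rsn) or ciphers == {"pair_tkip", "pair_ccmp"}:
        return ("WPA/WPA2-PSK (TKIP/AES) mixed", "avoid")
    proto = "WPA2-PSK" if rsn else "WPA-PSK"
    names = {"pair_ccmp": "AES", "pair_tkip": "TKIP"}  # CCMP is the AES-based cipher
    cipher = "/".join(sorted(names.get(c, c) for c in ciphers)) or "unknown"
    verdict = "recommended" if (proto, cipher) == ("WPA2-PSK", "AES") else "avoid"
    return (f"{proto} ({cipher})", verdict)

def audit(scan_text):
    """Return [(ssid, mode, verdict)] for every well-formed row."""
    rows = []
    for line in scan_text.splitlines():
        if not line.strip():
            continue
        # Split on ':' that is not backslash-escaped, then unescape.
        parts = [p.replace("\\:", ":") for p in re.split(r"(?<!\\):", line)]
        if len(parts) != 4:
            continue  # malformed row, skip rather than guess
        rows.append((parts[0], *classify(*parts[1:])))
    return rows

if __name__ == "__main__":
    for ssid, mode, verdict in audit(SAMPLE_SCAN):
        print(f"{ssid:12} {mode:32} {verdict}")
```

Only the row advertising WPA2 with AES alone comes back as "recommended"; the mixed-mode row is flagged even though it also offers AES.
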

Using lower standards for compatibility doesn't generally make sense anymore

WPA2 certification became available ten years ago! In 2006, WPA2 certification became mandatory, so any device manufactured after 2006 with a “Wi-Fi” logo must support WPA2 encryption. That’s now eight years ago! Your wifi-enabled devices are probably newer than 8-10 years old, so you should be fine just choosing WPA2-PSK (AES). Select that option and then see if anything doesn't work. If a device does stop working, you can always change it back, although you may just want to buy a new device manufactured at any time in the last eight years rather than compromise your network for the sake of compatibility with an outdated device.

And just so you know, using WPA and TKIP will usually slow down your wifi network!

Many modern wifi routers that support the newest and fastest standards will slow down to 54mbps if you enable WPA or TKIP in their options. They do this to ensure they’re compatible with these older devices, which then impacts your entire wireless network. So choosing an encryption level isn't just about security.

Hopefully you now have a better understanding of wireless encryption and are ready to update your network so it can be as secure as possible! If it all still seems a little overwhelming, just give us a call and ask for our network optimization service and we'll take care of it all for you.