Routers are getting a security upgrade. The WiFi Alliance, which oversees technical standards, is launching a new technology that it says will make both home and business networks safer.
The third-generation WiFi Protected Access, or WPA3, wireless security protocol will start rolling out to many routers and devices from laptops to smart thermostats already in consumers’ homes this summer, through software upgrades. In the coming months, routers and other consumer products will starting incorporating WPA3 right out of the box.
Routers are the most frequently targeted devices in the rising number of attacks on gadgets with online connections, such as cameras and thermostats, according to cybersecurity firm Symantec’s annual Internet Security Threat Report.
And routers are carrying an increasing amount of data as those other “internet of things” devices proliferate in people’s homes.
“More than half of internet data is going over a WiFi link,” says Kevin Robinson, the WiFi Alliance’s vice president of marketing. “WiFi security is the first line of defense around that data.”
Here’s what you should know about the latest security protocol.
What Does WPA3 Do?
WPA3 essentially protects a user’s network by making it much harder to guess the WiFi password using powerful computers than can cycle through tens of thousands of possibilities in moments, Robinson says.
For the new protections to work, both the routers and the devices that connect to the network need the new technology. That can include everything from a smartphone to a desktop computer to the devices such as thermostats and web-based security cameras.
Robinson says that manufacturers can update routers and other internet-connected devices remotely, using software updates. And those updates will start to roll out over the next few weeks.
But when Consumer Reports contacted five of the biggest router makers asking when firmware updates would be available and when new routers would start to incorporate WPA3, none would provide a date—although several expressed support for the new protocol.
As an example, Netgear says it’s “closely working with our technology partners in incorporating the feature as soon as possible.” And a Norton representative confirms WPA3 will be “included in future Norton Core routersand deployed to existing Norton Core customers through a firmware update.”
Qualcomm, which makes the Snapdragon chips that power most Android phones, says that many existing and new phones could support WPA3 by the end of the summer. Updates will be included with new versions of the Android operating system.
However, says Robinson, it will take more than a year until most new products are shipped to consumers with support for WPA3 in place—he expects the new protocol to be everywhere by late in 2019. (The WiFi Alliance will add WPA3-compatible devices to its Product Finder as they become available.)
Even then, older devices won’t become obsolete if they can’t support WPA3, he says. Currently, the best router security is provided by a protocol called WPA2 (and, specifically, a variant called WPA2-AES). “The WiFi Alliance is committed to maintaining WPA2 and evolving it as needed while the industry starts migrating to WPA3,” he says.
Additionally, there will be a transitional version of WPA3 that allows devices using WPA2 to link up to the same network. That means you won’t need to replace every WPA2 device in your home over the next couple of years, though the devices using the older protocol won’t have the same level of protection.
What Should I Do Now?
While WPA3 is rolling out, consumers should make sure their home routers are operating on WPA2-AES by opening their router settings.
You may be able to do that through the mobile app associated with your router.
For other routers, you’ll need to open a web browser and type in the device’s IP address. Very often, the address is 192.168.0.1 or 192.168.1.1, but this varies by brand—as do the instructions for downloading and installing your software. So do an online search for the customer support pages for your router model.
While you’re there, you can also check for WPA3 updates, and other security updates. (More details on how to adjust router settings are here.)
Consumer Reports security experts say that some older routers may not support WPA2 either, and rely instead on older technology, such as the outmoded WEP protocol. (Router security is a field jam-packed with acronyms.)
“Unfortunately, router manufacturing and security research aren’t always aligned,” says Robert Richter, who oversees CR’s security and privacy testing program. “So older routers may not be equipped with newer protocols.”
If you have one of those routers, Richter says, it’s time to replace it.