Wi-Fi Protected Access (WPA)

Contributor(s): Margaret Rouse

Wi-Fi Protected Access (WPA) is a security standard for users of computing devices equipped with wireless internet connections, or Wi-Fi. It improved upon and replaced the original Wi-Fi security standard, Wired Equivalent Privacy (WEP). WPA provides more sophisticated data encryption than WEP, and it also provides user authentication -- WEP's user authentication was considered insufficient.

WPA's encryption method is the Temporal Key Integrity Protocol (TKIP). TKIP includes a per-packet mixing function, a message integrity check, an extended initialization vector and a re-keying mechanism. WPA provides strong user authentication based on 802.1x and the Extensible Authentication Protocol (EAP). WPA depends on a central authentication server, such as RADIUS, to authenticate each user.

Software updates that allow both server and client computers to implement WPA became widely available during 2003. Access points (see hot spots) can operate in mixed WEP/WPA mode to support both WEP and WPA clients. However, mixed mode effectively provides only WEP-level security for all users. Home users of access points that use only WPA can operate in a special home mode in which the user need only enter a password to be connected to the access point. The password will trigger authentication and TKIP encryption.

Wi-Fi Protected Access II and the most current security protocols

Wi-Fi Protected Access is a subset of, and is compatible with, IEEE 802.11i -- sometimes referred to as WPA2 -- the security standard that superseded it in 2004. WPA2 uses the Counter Mode Cipher Block Chaining Message Authentication Code Protocol (CCMP). It is based on the obligatory Advanced Encryption Standard algorithm, which provides message authenticity and integrity verification, and it is much stronger and more reliable than the original TKIP protocol for WPA.

WPA2 still has vulnerabilities; primary among those is unauthorized access to the enterprise wireless network, where there is an invasion of attack vector of certain Wi-Fi Protected Setup (WPS) access points. This can take the invader several hours of concerted effort with state-of-the-art computer technology, but the threat of system compromise should not be discounted. It is recommended the WPS be disabled for each attack vector access point in WPA2 to discourage such threats.

Wi-Fi Protected Access.

Though these threats have traditionally, and virtually exclusively, been directed at enterprise wireless systems, even home wireless systems can be threatened by weak passwords or passphrases that can make it easier for an invader to compromise those systems.

This was last updated in August 2016 ???publishDate.suggestedBy???

Continue Reading About Wi-Fi Protected Access (WPA)

Dig Deeper on Mobile networking



Find more PRO+ content and other member only offers, here.

Join the conversation


Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.

Nice advance. Business (and even the casual user) need better WiFi security. Will this survive the endless battering of the data thieves...?
With a significant number of wi-fi connections not having passwords - they surely are extremely vulnerable. A combined authentication of the machine and the wifi network will be a good start for implementing the security.
Have you experienced security issues with WPA or WPA2? What were they, and how did you resolve them?


File Extensions and File Formats