#263Tech: Wi-Fi Security Modes Explained
Wi-Fi stands for Wireless Fidelity. It is a networking technology designed to connect devices to the internet without cables. It operates on the IEEE 802.11 standard, and the name is a trademark of the Wi-Fi Alliance.
Wi-Fi has become the most preferred choice of connectivity nowadays due to the advantage of device mobility it offers to users. Devices that can use Wi-Fi technology include personal computers, video-game consoles, phones and tablets, digital cameras, smart TVs, digital audio players and modern printers. Wi-Fi compatible devices can connect to the Internet via a WLAN and a wireless access point. Such an access point (or hotspot) has a range of about 20 meters (66 feet) indoors and a greater range outdoors.
However, Wi-Fi’s greatest challenge is security, and we often see people battling for Wi-Fi passwords. The routers that distribute Wi-Fi signals have built-in security mechanisms to prevent unauthorized access to the network. These include WEP, WPA, WPA2-Personal, etc.
So which one is the most secure protocol you can use to secure your wireless network?
Confused yet? We’re not surprised. But all you really need to do is hunt down the one, most secure option in the list that works with your devices. Here are the options you’re likely to see on your router:
- Open (risky): Open Wi-Fi networks have no passphrase. You shouldn’t set up an open Wi-Fi network. Seriously, you could have your door busted down by police.
- WEP 64 (risky): The old WEP protocol standard is vulnerable and you really shouldn’t use it.
- WEP 128 (risky): This is WEP, but with a larger encryption key size. It isn’t really any less vulnerable than WEP 64.
- WPA-PSK (TKIP): This uses the original version of the WPA protocol (essentially WPA1). It has been superseded by WPA2 and isn’t secure.
- WPA-PSK (AES): This uses the original WPA protocol, but replaces TKIP with the more modern AES encryption. It’s offered as a stopgap, but devices that support AES will almost always support WPA2, while devices that require WPA will almost never support AES encryption. So, this option makes little sense.
- WPA2-PSK (TKIP): This uses the modern WPA2 standard with older TKIP encryption. This isn’t secure, and is only a good idea if you have older devices that can’t connect to a WPA2-PSK (AES) network.
- WPA2-PSK (AES): This is the most secure option. It uses WPA2, the latest Wi-Fi encryption standard, and the latest AES encryption protocol. You should be using this option. On some devices, you’ll just see the option “WPA2” or “WPA2-PSK.” If you do, it will probably just use AES, as that’s a common-sense choice.
- WPA/WPA2-PSK (TKIP/AES): Some devices offer—and even recommend—this mixed-mode option. This option enables both WPA and WPA2, with both TKIP and AES. This provides maximum compatibility with any ancient devices you might have, but also allows an attacker to breach your network by cracking the more vulnerable WPA and TKIP protocols.
WPA2 certification became available in 2004, ten years ago. In 2006, WPA2 certification became mandatory. Any device manufactured after 2006 with a “Wi-Fi” logo must support WPA2 encryption.
Since your Wi-Fi enabled devices are most likely newer than 8-10 years old, you should be fine just choosing WPA2-PSK (AES). Select that option and then you can see if anything doesn’t work. If a device does stop working, you can always change it back. Although, if security is a concern, you might just want to buy a new device manufactured since 2006.
WPA and TKIP Will Slow Your Wi-Fi Down
By comparison, even 802.11n supports up to 300 Mbps if you’re using WPA2 with AES. Theoretically, 802.11ac offers maximum speeds of 3.46 Gbps under optimum (read: perfect) conditions.
On most routers we’ve seen, the options are generally WEP, WPA (TKIP), and WPA2 (AES)—with perhaps a WPA (TKIP) + WPA2 (AES) compatibility mode thrown in for good measure.
If you do have an odd sort of router that offers WPA2 in either TKIP or AES flavors, choose AES. Almost all your devices will certainly work with it, and it’s faster and more secure. It’s an easy choice, as long as you can remember AES is the good one.
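An added example, not part of the original article: Python code that names which of the modes listed above an access point advertises, using the privacy bit and the WPA/RSN information elements from its beacon, so you can confirm what a router setting actually put on the air. The element layouts follow IEEE 802.11; the function names and sample bytes are constructed for illustration, and the code assumes each element lists its cipher and key-management suites explicitly.

```python
RSN_OUI, WPA_OUI = b"\x00\x0f\xac", b"\x00\x50\xf2"
CIPHERS = {2: "TKIP", 4: "AES"}  # cipher suite types: 2 = TKIP, 4 = CCMP (AES)
def _suite_list(body, pos):
    """Read a 2-byte little-endian count, then that many 4-byte suite selectors."""
    n = int.from_bytes(body[pos:pos + 2], "little")
    end = pos + 2 + 4 * n
    if end > len(body):
        raise ValueError("truncated suite list")
    return [body[i:i + 4] for i in range(pos + 2, end, 4)], end

def _parse(body, oui):
    """Return (pairwise cipher names, PSK in use) for one RSN or WPA element."""
    pairwise, pos = _suite_list(body, 6)  # skip version (2) and group cipher (4)
    akms, _ = _suite_list(body, pos)
    names = {CIPHERS.get(s[3], "other") if s[:3] == oui else "other" for s in pairwise}
    return names, oui + b"\x02" in akms  # AKM suite type 2 = pre-shared key

def classify(privacy_bit, elements):
    """Name the security mode from a beacon's privacy bit and tagged elements."""
    wpa, rsn, pos = None, None, 0
    while pos + 2 <= len(elements):
        eid, length = elements[pos], elements[pos + 1]
        body = elements[pos + 2:pos + 2 + length]
        if eid == 48:  # RSN element: the network offers WPA2
            rsn = _parse(body, RSN_OUI)
        elif eid == 221 and body[:4] == WPA_OUI + b"\x01":  # vendor element: WPA
            wpa = _parse(body[4:], WPA_OUI)
        pos += 2 + length
    found = [x for x in (wpa, rsn) if x]
    if not found:
        return "WEP" if privacy_bit else "Open"  # WEP key size is not advertised
    proto = "WPA/WPA2" if wpa and rsn else ("WPA2" if rsn else "WPA")
    ciphers = sorted(set().union(*(f[0] for f in found)), reverse=True)
    akm = "-PSK" if any(f[1] for f in found) else ""
    return f"{proto}{akm} ({'/'.join(ciphers)})"

def is_recommended(mode):
    return mode == "WPA2-PSK (AES)"  # the one option the article recommends

# Constructed sample elements (not captured traffic): SSID "home" plus security elements.
SSID = bytes.fromhex("0004686f6d65")
RSN_AES = bytes.fromhex("30140100000fac040100000fac040100000fac020000")
RSN_MIXED = bytes.fromhex("30180100000fac020200000fac04000fac020100000fac020000")
WPA_TKIP = bytes.fromhex("dd160050f20101000050f20201000050f20201000050f202")

if __name__ == "__main__":
    for bit, ies in [(0, SSID), (1, SSID), (1, SSID + WPA_TKIP), (1, SSID + RSN_AES),
                     (1, SSID + WPA_TKIP + RSN_MIXED)]:
        print(classify(bit, ies), is_recommended(classify(bit, ies)))
```

A network that still advertises the WPA vendor element alongside RSN is running the mixed mode described in the list, even if the router's settings page only says “WPA2”.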