
WPA2 vs WPA3: what the new Wi-Fi standard actually changes in 2026

Technical differences between WPA2 and WPA3, known WPA2 vulnerabilities (KRACK, PMKID, dictionary attacks), concrete improvements in WPA3 (SAE, PFS, OWE), and what to do if your hardware doesn't yet support the new standard.

By Eric Gerard · Editor · NordLink Intel · 16 min read · Photo: Unsplash

Wi-Fi security is one of those technical areas where changes are barely visible to end users yet structurally significant. WEP was broken in the early 2000s; WPA then WPA2 dominated for nearly two decades; and WPA3 — officially published by the Wi-Fi Alliance in 2018 — is finally becoming mainstream in 2024–2026 across ISP-supplied routers, smartphones, and new Wi-Fi 6/7 hardware. Understanding what actually changes between the two standards isn't just for network administrators: it directly affects what a neighbour, a malicious flatmate, or a nearby attacker can technically do with your home network or a public hotspot.

This guide covers the structural flaws in WPA2 that motivated the new standard, the concrete improvements of WPA3 (SAE, Perfect Forward Secrecy, OWE for open networks), the state of hardware support in 2026 across the main device categories, and practical mitigations if your hardware hasn't caught up yet.

Brief history: WEP → WPA → WPA2 → WPA3

To understand WPA3 you need to understand what it replaces and why it took 16 years to move from WPA2 (2004) to broad WPA3 adoption (2024+). Four generations of protocols, each introduced to address the flaws of the previous one.

WEP (Wired Equivalent Privacy, 1997–2003). The first Wi-Fi security protocol, based on RC4 and CRC-32. Technically broken as early as 2001 by Fluhrer, Mantin and Shamir, who showed that the key could be recovered by statistically analysing a few minutes of traffic. By 2007, public tools (aircrack-ng) let anyone crack a WEP key in 5–10 minutes. The Wi-Fi Alliance officially retired WEP in 2004, but you can still find it today on some obsolete industrial equipment — a real perimeter-security concern in older factories.

WPA (Wi-Fi Protected Access, 2003). A temporary transition designed to patch WEP without replacing existing hardware. Introduced TKIP (Temporal Key Integrity Protocol) — still based on RC4 but with key rotation. Broken in 2008 by the Beck-Tews attack exploiting TKIP weaknesses. Considered obsolete by 2010, officially retired by the Wi-Fi Alliance in 2015.

WPA2 (2004, mandatory since 2006). The standard that dominated from 2006 to 2020. Introduced CCMP (Counter Mode CBC-MAC Protocol) based on AES-128 — a solid cryptographic primitive still considered secure in 2026. Two modes: Personal (PSK, a pre-shared key shared among all clients) for home use, Enterprise (802.1X with a RADIUS server) for business. The Personal mode became the de facto standard for 95% of residential installations. Key vulnerabilities identified over time: PMKID attack (2018, Jens Steube, hashcat) allowing capture of an identifier usable for offline brute-force; KRACK (2017, Vanhoef & Piessens) exploiting the 4-way handshake. All patched at OS and firmware level, but these flaws showed that WPA2's architectural foundation was ageing.

WPA3 (published 2018, commercial certification 2018–2020, adoption 2020–2026). Published by the Wi-Fi Alliance in June 2018. Three structural improvements: SAE replacing PSK for authentication, mandatory Perfect Forward Secrecy, OWE for open networks. It also increases the key size to 192 bits in Enterprise mode (previously 128 bits) and makes MFP (Management Frame Protection) mandatory to prevent de-authentication attacks. Deployment was slow: it required Wi-Fi 6 chipsets (2019+) to become mainstream, then ISP-supplied routers to follow.

Known WPA2 flaws — why WPA3 was necessary

WPA2 isn't "broken" the way WEP was. Its core cryptographic primitive (AES-CCMP) remains solid. But the authentication protocol (4-way handshake) and key management accumulated enough structural flaws to justify a redesign. Here are the three principal ones documented in the academic literature.

KRACK (Key Reinstallation Attacks, 2017)

Discovered by Mathy Vanhoef and Frank Piessens at KU Leuven in 2017. The attack exploits a weakness in WPA2's 4-way handshake: an attacker within radio range can force the victim to reinstall an already-used session key, which in some implementations reset cryptographic nonces and counters. Consequence: partial traffic decryption, and on particularly vulnerable implementations (Android 6 and earlier, wpa_supplicant 2.4–2.6), a complete key reset allowing full read access. Almost every OS on the market was affected to varying degrees. The industry responded quickly: Microsoft, Apple, Google, and Linux distributions all patched between October 2017 and January 2018; routers followed between late 2017 and mid-2018. In 2026, on an up-to-date OS, KRACK is no longer exploitable. The lesson: the complexity of the 4-way handshake had become a vulnerability surface — WPA3 replaces it by design.

PMKID attack (2018)

Discovered by Jens Steube, creator of hashcat, in August 2018. On certain WPA2 APs, the first association frame exposed the PMKID (Pairwise Master Key Identifier) — a hash derived from the Wi-Fi password. An attacker could capture this PMKID without waiting for any client to connect, then launch an offline brute-force or dictionary attack against the hash without further interacting with the network. Against a short or common password, cracking time dropped to a few hours on a consumer GPU. Against a long, strong password (12+ mixed characters), the attack remained theoretically costly but not impossible. This particular flaw accelerated WPA3 adoption — because it revealed that simply putting an AP into service exposed cryptographic material to offline attacks, regardless of client behaviour.

Offline dictionary attack against the 4-way handshake

Even without PMKID, an attacker who captures a complete 4-way handshake (by waiting for a client to connect, or by forcing a de-authentication then reconnection) can attempt an offline brute-force attack against the PSK. The tool hashcat with a modern GPU (RTX 4090) tests several hundred thousand candidates per second against WPA2-PSK. Against a dictionary of common passwords (rockyou.txt, breach databases), a weak Wi-Fi password falls in minutes. Against a strong password (12+ random characters), the combinatorial complexity makes the attack economically unviable for a domestic target. But against a specifically identified access point (a business, a sensitive location), a dedicated attacker can invest resources. WPA3 eliminates this class of attack via SAE — an attacker who captures the SAE handshake cannot test candidate passwords offline.

What WPA3 concretely delivers: SAE, PFS, OWE

WPA3 is not merely an incremental update. Three structural mechanisms change what an attacker can technically do against a Wi-Fi network.

SAE (Simultaneous Authentication of Equals)

This is the heart of WPA3 and the replacement for the legacy PSK. SAE is based on the Dragonfly protocol (formalised in RFC 7664 and RFC 8146). Instead of a shared password that directly derives the session key, SAE uses a Diffie-Hellman exchange authenticated by the password: client and AP exchange public cryptographic elements, prove they know the password without revealing it, and derive a unique session key. Operational consequence: capturing the SAE handshake yields no exploitable material offline. An attacker who sniffed the entire exchange cannot test candidate passwords at home on their GPU. The only remaining attack is online — they must query the AP directly for each attempt, which is observable and rate-limitable. The cost of a dictionary attack multiplies by several orders of magnitude. SAE makes offline dictionary attacks — which worked against WPA2-PSK with moderate passwords — economically impractical.

Technical note: SAE Dragonfly has undergone critical cryptographic analysis. The Dragonblood vulnerabilities (2019, Mathy Vanhoef again) identified timing side-channels in some early implementations — corrected in WPA3 R2 (2020). Since WPA3 R3 (2022), the protocol includes H2E (Hash-to-Element) which definitively hardens against these side-channels. Modern implementations are considered robust.

Perfect Forward Secrecy (PFS)

Under WPA2, if a patient attacker records all encrypted traffic on a network for months and eventually recovers the PSK (by physically stealing the router, or through a password leak), they can retroactively decrypt the entire recorded traffic. That is a complete absence of Forward Secrecy. WPA3 enables PFS by default: each session generates a unique ephemeral key, derived from the SAE exchange but independent of the long-term password. Compromising the password yields no past session keys. This is the same property as TLS 1.3 on the web, extended to Wi-Fi. For the majority of home users, the direct impact is limited (who records encrypted Wi-Fi traffic just in case?), but for high-stakes environments (law firm, medical practice, journalist), this is a structurally important protection.

OWE (Opportunistic Wireless Encryption)

The most visible improvement for end users, because it changes what happens on "open" public Wi-Fi networks (cafés, hotels, airports). On an open WPA2 or unencrypted network, any connected client can sniff other clients' radio traffic with a tool like Wireshark in monitor mode. That's the classic coffee-shop attack — someone captures another client's session cookies on the same Wi-Fi. OWE, formalised in RFC 8110, introduces opportunistic encryption: without a shared password, each client automatically negotiates a Diffie-Hellman key with the AP at connection time, and all radio traffic between that client and the AP is encrypted with a key unique to them. Consequence: another client on the same Wi-Fi can no longer sniff the traffic, even with a sophisticated Wireshark setup. The hotspot operator, however, still sees traffic in cleartext on the infrastructure side (and remains exposed to SNI/DNS leaks — hence the need for a VPN on top; see public Wi-Fi risks in 2026).

In 2026, OWE is beginning to be deployed in hotel chains and some advanced public venues (US universities, large corporations). Mainstream adoption is still partial — many hotspots remain on open unencrypted connections, or on WPA2-PSK with the password displayed at the counter.

Comparison table: WPA2 vs WPA3

Criterion                      | WPA2                               | WPA3
-------------------------------|------------------------------------|-----------------------------------------------------
Year published                 | 2004                               | 2018
Data encryption                | AES-CCMP 128-bit                   | AES-CCMP 128-bit (Personal) or GCMP-256 (Enterprise)
Authentication                 | PSK (Pre-Shared Key)               | SAE (Simultaneous Authentication of Equals)
Forward Secrecy                | No                                 | Yes (by default)
Offline dictionary attack      | Possible (PMKID, 4-way handshake)  | Impossible (SAE resists by construction)
Open networks                  | No encryption                      | OWE (opportunistic encryption)
Management Frame Protection    | Optional                           | Mandatory
Enterprise mode                | 802.1X + AES-128                   | 802.1X + AES-256 (192-bit mode)
Backward compatibility         |                                    | WPA2/WPA3 transition mode available
Known critical vulnerabilities | KRACK 2017, PMKID 2018 (patched)   | Dragonblood 2019 (patched R2/R3)

Reading the table. On the encryption primitive, little changes — AES remains the foundation and that's correct. The difference lies in authentication (SAE vs PSK), session key management (PFS by default), and open networks (OWE). These are precisely the three axes where WPA2 showed its architectural limits. WPA3 doesn't "break" WPA2 — it replaces the problematic components with designs resistant to known attack classes.

Who supports WPA3 in 2026 — deployment status

WPA3 adoption has been slow because it depends on three layers that must all keep up: the router, the clients, and the firmware. Market status at mid-2026:

ISP-supplied routers. Recent routers from major UK and US carriers support WPA3 in transition mode (backwards compatible with older WPA2 clients). In the UK: BT Smart Hub 2 (2020+), Sky Broadband Hub (2021+), and Virgin Media Hub 5 (2022+) all support WPA3. In the US: Comcast/Xfinity Gateway XB8 (2021+), Verizon Fios Router G3100 (2020+), and AT&T BGW320 (2021+) support WPA3 natively. Older gateway models remain locked to WPA2 with no upgrade path. If you have a router supplied before 2020, request a hardware refresh from your provider or bypass it with your own Wi-Fi 6 router.

Smartphones and tablets. Apple: iPhone XS, XR and later running iOS 13+ (2018), iPad Pro 2018+ running iPadOS 13+. In 2026, every active iPhone or iPad on the market supports WPA3. Android: from Android 10 (2019) at OS level, but effective support depends on the phone's Wi-Fi chipset. Samsung Galaxy S10+ (2019), Pixel 4 (2019) and later support WPA3. On entry-level Android devices, support may be absent. Check under Settings → About → Specifications.

Computers. Windows 10 version 2004 (May 2020) adds WPA3 support to the Wi-Fi stack; Windows 11 supports it natively. Linux with wpa_supplicant 2.10+ or iwd. macOS Big Sur (2020) and later. ChromeOS since 2020. In 2026, all active desktop OSes support WPA3 except old unmaintained installations.

Connected objects (IoT). The weak link. Many IoT devices deployed between 2015 and 2020 (IP cameras, smart plugs, older Nest thermostats, certain Philips Hue lights) are stuck on WPA2-PSK and will never receive WPA3 firmware. More recent devices (post-2022) mostly support WPA3 — but the IoT replacement cycle is long (5–10 years). Practical consequence: as long as you have a WPA2-only device on your network, you must stay in transition mode or create a separate SSID for IoT.

WPA2/WPA3 transition mode — the recommended configuration. All WPA3 routers support a mixed mode where the SSID accepts both protocols simultaneously. WPA3 clients negotiate WPA3; WPA2 clients negotiate WPA2. This is the recommended configuration for a mixed household: you benefit from WPA3 protection on modern devices without breaking older IoT devices. Caveat: transition mode is theoretically vulnerable to downgrade attacks (forcing a client to speak WPA2 even when WPA3 is available) — for domestic use, the risk is marginal; for a sensitive professional environment, consider switching to WPA3-only.
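The rows of the comparison table and the transition-mode caveat above are all visible in one place: the RSN information element an access point advertises in its beacons, which lists the AKM suites (PSK, SAE, OWE), the ciphers and the MFP bits. As an added example that is not part of the original article, here is a small Python parser and audit for that element; the sample element bodies are constructed, not captured from any real network, and the suite type numbers are the IEEE 802.11 assignments.

```python
import struct

# IEEE 802.11 RSN element (ID 48): every suite selector is OUI 00-0F-AC plus a type byte.
OUI = b"\x00\x0f\xac"
CIPHERS = {2: "TKIP", 4: "CCMP-128", 8: "GCMP-128", 9: "GCMP-256", 10: "CCMP-256"}
AKMS = {1: "802.1X", 2: "PSK", 5: "802.1X-SHA256", 6: "PSK-SHA256",
        8: "SAE", 9: "FT-SAE", 12: "802.1X-SuiteB-192", 18: "OWE"}
MFPR, MFPC = 0x0040, 0x0080  # RSN capabilities: MFP required (bit 6), MFP capable (bit 7)

def _sel(sel: bytes, table: dict) -> str:
    if len(sel) != 4 or sel[:3] != OUI:
        raise ValueError(f"bad suite selector {sel.hex()}")
    return table.get(sel[3], f"type-{sel[3]}")

def _suites(body: bytes, off: int, table: dict):
    (count,) = struct.unpack_from("<H", body, off)  # LE count, then 4-byte selectors
    off += 2
    suites = [_sel(body[off + 4 * i: off + 4 * i + 4], table) for i in range(count)]
    return suites, off + 4 * count

def parse_rsn(body: bytes) -> dict:
    # body is the element payload after the ID/length octets.
    if struct.unpack_from("<H", body, 0)[0] != 1:
        raise ValueError("unsupported RSN version")
    pairwise, off = _suites(body, 6, CIPHERS)
    akms, off = _suites(body, off, AKMS)
    (caps,) = struct.unpack_from("<H", body, off)
    return {"group": _sel(body[2:6], CIPHERS), "pairwise": pairwise, "akm": akms,
            "mfp_capable": bool(caps & MFPC), "mfp_required": bool(caps & MFPR)}

def classify(rsn: dict) -> str:
    # Map the advertised AKM suites onto the modes of the WPA2/WPA3 comparison table.
    akm = set(rsn["akm"])
    if "OWE" in akm:
        return "Enhanced Open (OWE)"
    if akm & {"SAE", "FT-SAE"}:  # PSK offered next to SAE is transition mode (downgradable)
        return "WPA3 transition mode" if akm & {"PSK", "PSK-SHA256"} else "WPA3-Personal only"
    if "802.1X-SuiteB-192" in akm:
        return "WPA3-Enterprise 192-bit"
    if akm & {"PSK", "PSK-SHA256"}:
        return "WPA2-Personal"
    return "WPA2-Enterprise" if akm & {"802.1X", "802.1X-SHA256"} else "unknown"

def audit(rsn: dict) -> list:
    # Defender-side findings: what this configuration still leaves exposed.
    findings = []
    if set(rsn["akm"]) & {"PSK", "PSK-SHA256"}:
        findings.append("PSK accepted: a captured handshake or PMKID can be cracked offline")
    if not rsn["mfp_required"]:
        findings.append("MFP not required: deauthentication frames are unauthenticated")
    return findings

# Constructed sample RSN bodies for four AP configurations (not captured from a real network).
SAMPLES = {
    "wpa2_psk":   bytes.fromhex("0100000fac040100000fac040100000fac020000"),
    "transition": bytes.fromhex("0100000fac040100000fac040200000fac02000fac088000"),
    "wpa3_only":  bytes.fromhex("0100000fac040100000fac040100000fac08c000"),
    "owe":        bytes.fromhex("0100000fac040100000fac040100000fac128000"),
}
```

Run `classify(parse_rsn(SAMPLES["transition"]))` to see the mixed PSK+SAE advertisement that makes a downgrade to WPA2 possible, and `audit(...)` on the WPA3-only sample to confirm it reports nothing.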


What to do if your hardware doesn't support WPA3

If your router is still on WPA2 and you can't replace it right now, several mitigations reduce residual risk without requiring new hardware.

Long, strong Wi-Fi password. This is the highest-impact measure with minimal effort. A 16+ character mixed password (letters, numbers, symbols) makes offline dictionary attacks economically unviable even on WPA2. A short password (8 characters, dictionary word) falls in a few hours on a consumer GPU. A password manager's generator (NordPass, 1Password, Bitwarden) handles this in 10 seconds — the password only needs to be typed once per device, so there's no ergonomic downside.

Up-to-date router firmware. Many routers received KRACK and PMKID patches between 2018 and 2020. Check the current firmware version in the admin interface and update it if a newer version exists. On ISP-supplied routers this is typically automatic, but may be disabled — check.

Disable WPS (Wi-Fi Protected Setup). WPS, the "button to quickly pair" mechanism, has historical vulnerabilities (Reaver, 2011) that allow the WPS PIN to be cracked in a few hours, then the PSK to be recovered. Disabling WPS in the router admin panel closes this attack vector regardless of WPA2 vs WPA3.

Separate SSID for IoT. If you have connected objects that require WPA2-PSK, create a dedicated second SSID (e.g. "HomeIoT") with a distinct password, and isolate it from your main network via the router configuration (VLAN or client isolation). Result: if an IoT device is compromised (an IP camera running unmaintained firmware), it doesn't provide access to the rest of the home network.

Disabling SSID broadcast — limited value. Hiding the network name ("SSID broadcast off") provides no real protection — an attacker identifies the SSID the moment a legitimate client connects. It's a surface-visibility reduction measure with no meaningful security addition. Optional.

VPN on top, especially when mobile. On public WPA2-PSK or open Wi-Fi, a VPN remains the structural defence regardless of the Wi-Fi version. It encrypts all traffic at the device's exit point, neutralising local network attacks (sniffing, ARP spoofing, Evil Twin). At home, using a VPN is more a privacy-from-ISP question than a Wi-Fi security one. Our NordVPN review 2026 covers this in detail.

Summary: practical choice by context

Three profiles cover the decision for most users in 2026.

Profile 1 — Standard home network. WPA2-PSK with a long password remains reasonable. Enable WPA3 if your router supports it (transition mode for IoT compatibility). Not urgent to replace the router for this alone, but do it at the next refresh cycle. Disable WPS, keep firmware updated.

Profile 2 — Public Wi-Fi. WPA2 or open networks remain the majority in 2026; OWE is still rare. Protection comes primarily from the VPN, not from the Wi-Fi protocol. Enable VPN with kill switch before connecting. Check for leaks with our DNS leak test tool. Disable file sharing.

Profile 3 — Sensitive environment (law firm, home office handling confidential data). Move to WPA3-only if possible (segregate IoT from the main network), mandatory Management Frame Protection, regular Wi-Fi audit with a professional tool (Kismet, Wireshark). Consider Enterprise mode (802.1X with a RADIUS server) rather than Personal. Our complete VPN audit in 9 tests covers the complementary layer.

Going further

WPA3 fixes WPA2's structural limitations without making the older standard immediately obsolete — a WPA2-PSK network with a long password and up-to-date firmware remains reasonable for standard domestic use in 2026. WPA3's decisive contributions are in offline dictionary attacks (SAE), retroactive protection (PFS), and open networks (OWE). On public Wi-Fi, these gains matter — but they don't replace a VPN for closing SNI/DNS leaks and neutralising Evil Twin attacks. See also our guide on public Wi-Fi risks in 2026, which covers the full defensive stack, and our VPN kill switch explainer, which covers the non-negotiable client-side configuration.

Article published on 29 May 2026. Methodology: synthesis of official Wi-Fi Alliance documentation (WPA3 R1/R2/R3 certifications, public specifications), relevant IETF RFCs (RFC 7664 Dragonfly, RFC 8110 OWE, RFC 8146 Dragonfly clarifications), and academic publications on KRACK (CCS 2017, Vanhoef & Piessens), PMKID (Steube 2018), and Dragonblood (NDSS 2019). Cross-tested on a BT Smart Hub 2, an Eero Pro 6 (Comcast network), and an ASUS Wi-Fi 6 router between March and May 2026.
