What is WPA3 encryption

WPA3 encryption: Are your devices ready for the new standard?

Thomas Rau

The Fritzbox already has WPA3 - and many other routers and WLAN devices: How to check whether you can also use the new WLAN protection.

EnlargeAll Fritzbox models that run at least Fritz-OS 7.20 understand themselves on WPA3. This even applies to older routers like the Fritzbox 7490.

Most current Wi-Fi 6 devices already have WPA3 with them, and many 11ac devices can be equipped with a firmware or driver update. Using the new WLAN protection makes sense, because WPA3 makes it more difficult to crack the WLAN password in a short time and therefore helps especially with weak WLAN passwords.

You need that for WPA3

WPA 3 doesn't make WLAN protection any more complicated: You continue to secure the wireless network by entering a complex password in the router, which it asks for in the clients that want to connect. The improved protection is achieved because WPA3 calculates additional keys from the password differently than WPA2 - you can read below what exactly changes. The new method is intended to ensure that devices such as IP cameras or smart TVs, for which entering a complex password is time-consuming, can quickly and securely access the WLAN.

To be able to use WPA3, the devices involved and their operating systems must support it. For Windows 10, you must have at least the 1903 update installed. Apple devices support WPA3 from iOS 13 or iPad OS 13, Android smartphones require at least Android 10.

EnlargeWindows 10 informs you with a message that you can use WPA3 if the router and the WLAN client support the new standard.

WLAN router with WPA3

WLAN routers and clients that work with the Wi-Fi 6 standard often have WPA3 on board: The new security standard is required in order to obtain certification of the devices from the Wi-Fi Alliance. However, since not all manufacturers have this carried out, it can happen that even a current device is missing WPA3 and you have to wait for a firmware update.

With an 11ac router, you definitely need to get a firmware update that retrofits WPA3. Fritzbox models from AVM get the new security standard with Fritz-OS 7.20: This firmware version is already available for the most popular AVM routers such as the 7590, 7490, 7430 or the 6590 Cable. With other routers such as the Fritz boxes 4040, 4020 and 3490, a suitable update may still be available.

With the Telekom routers, WPA3 is currently only available for the new Speedport Pro; for the Speedport Smart 3, for example, no WPA3 update is planned.

At TP-Link, in addition to the Wi-Fi 6 routers, only the Archer C2300 V2 is getting a corresponding update for the European market. You can find an overview of all WLAN devices from TP-Link with WPA3 at www.tp-link.com/de/wpa3/product-list.

WPA3 for repeaters and WLAN clients

A WLAN repeater also requires suitable firmware if you want to use it to establish a WPA3 connection to the router. At AVM this applies, for example, to the current Fritz repeaters 3000, 1200, 2400, 600 and the 1750e. Current Wi-Fi 6 repeaters, on the other hand, are usually already equipped with WPA3. Switching to WPA3 will be difficult with WLAN sticks: adapters with Wi-Fi 6 are not yet available, and the manufacturers do not offer a suitable driver update for many AC sticks. This is the case with all AVM WLAN sticks.

With WLAN adapters in the PC or in the notebook, check on the support page of the system provider whether there is a WPA3 update for the built-in module. If you cannot find what you are looking for there, you can also look directly at the manufacturer of the WLAN device: The Intel adapters with Wi-Fi 6 and the AC models 9560, 9462, 9461 and 9260 support WPA3 from driver version 21.10.x onwards. Qualcomm offers adapters with the QCA6174 and 9377 WLAN chipsets for the new security standard, as well as the 1435, 1525 and 1535 adapters from the Killer series.

Finally, you can check the Product Finder on the Wi-Fi Alliance website at wifi.org to see whether one of your devices supports WPA3. To do this, mark “WPA3” on the left. However, only certified products are listed here that are not necessarily available in Germany.

How to check if your wireless device supports WPA3

EnlargeYou can quickly check whether a new WLAN driver has WPA3 with a command for the Windows command prompt.

If your router supports WPA3, you will find a corresponding option in its menu: It is usually in the settings for WLAN, for example under "Authentication". With a Fritzbox, WPA3 is under “WLAN -› Security - ›Encryption”. The AVM routers offer the option “WPA2 + WPA3” there. In this "transition mode" the router uses both encryption methods: WPA3 devices use the new encryption, all other WLAN clients can connect as usual via WPA2. Both methods use the same password, so you do not have to enter a new one in the router for WPA3.

With other routers or WLAN devices, only WPA3 can be set. This option is usually called "WPA3-Personal" or "WPA3-SAE". In this case, a connection is only established with WLAN clients that understand WPA3. You may see “WPA3-Enterprise” as an additional setting in your router's menu. It is important for company WLANs.

For the WPA3 check on the Windows computer, you should first check whether you have already installed the relevant update: Enter winver in the search field at the bottom left. There must be version 1903 or a higher number such as 1909, 2004 or 20H2. Then clarify the WPA3 capability of the built-in WLAN module or WLAN USB stick: To do this, open the command prompt and give the command

a. In the section “Authentication and encryption methods supported in infrastructure mode” the entry “WPA3-Personal” should appear.

Reading tip:Protecting WLAN - How to secure your wireless network