- Security
- Privacy
- Performance
WEP, WPA, WPA2, and WPA3 are Wi-Fi security protocols that encrypt wireless connections. They keep your data hidden and secure your communications while blocking hackers from your network. Generally, WPA3 is the best choice, though it isn’t available on all devices. Learn more about Wi-Fi security, then download Avast SecureLineVPN to add an extra layer of encryption.
.png)
Wi-Fi security protocols are sets of rules that protect wireless networks by encrypting data and controlling access. They help keep your information private and block hackers from infiltrating your network.
Since data transmitted across wireless networks is generally more vulnerable to interception than via wired connections like Ethernet, strong wireless security protocols are essential for maintaining online safety.
All Wi-Fi security protocols are certified by the Wi-Fi Alliance, the non-profit organization that owns the Wi-Fi trademark. There are four wireless security protocols:
Wi-Fi security protocols have improved over time — WEP, the first version, is outdated and easy to hack, while WPA3 provides the strongest protection today.
Wi-Fi encryption tools help defend your data and your device when you’re using Wi-Fi networks. Unsecured wireless networks can be riddled with potential security vulnerabilities that hackers and other cybercriminals can exploit for data breaches or malware attacks.
While Wi-Fi security protocols like WPA2 and WPA3 secure your local network by encrypting the connection itself, a VPN (virtual private network) adds another layer by encrypting all your internet traffic and routing it through a secure server. This hides your activity from your ISP, hackers, and other snoops, while also protecting you on public Wi-Fi and helping to unblock websites for broader content access.
When combined, Wi-Fi security protocols and a robust VPN create a powerful shield that keeps your data private and secure — whether you’re at home, on public Wi-Fi, or traveling abroad.
WEP, which stands for Wired Equivalent Privacy, is the oldest Wi-Fi security protocol and is now considered obsolete. It was the privacy component established in IEEE 802.11, a set of technical standards that aimed to provide a wireless local area network (WLAN) with a comparable level of security to a wired local area network (LAN).
The Wi-Fi Alliance ratified WEP as a security standard in 1999. Once touted to offer the same security benefits as a wired connection, WEP has been plagued by issues such as cryptographic flaws in the RC4 algorithm and vulnerability to attacks due to keys being recycled to save space.
Despite efforts to improve WEP, it remains fundamentally insecure and vulnerable to security breaches. As modern computing power has increased, cracking WEP’s encryption has become very simple. The Wi-Fi Alliance officially retired WEP in 2004, and any systems still using the protocol should be upgraded or replaced.
Pros:
Better than no security protocol — though not by much
Cons:
Riddled with security vulnerabilities
Only 64-bit and 128-bit keys for encryption
Fixed-key encryption
Hard to configure
WPA (Wi-Fi Protected Access) is a wireless security protocol released in 2003 to address the growing vulnerabilities of its predecessor, WEP. The WPA Wi-Fi protocol is more secure than WEP because it uses a 256-bit key encryption — a major upgrade from the 64-bit and 128-bit keys used by the WEP system. Put simply, a 256-bit key means there are so many possible combinations, it would take millions of years to crack.
WPA also uses the Temporal Key Integrity Protocol (TKIP), which dynamically generates a new key for each network packet, or unit of data. TKIP is much more secure than the fixed-key system used by WEP.
Still, WPA is not without flaws. TKIP, the core component of WPA, was designed to be implemented within WEP-enabled systems via firmware updates. This resulted in WPA still relying on easily exploitable elements.
Pros:
Addresses security vulnerabilities of the original wireless security standard, WEP
TKIP encryption method is better than the fixed-key encryption used by WEP
Uses a 256-bit key for encryption
Cons:
When rolled out onto WEP devices, TKIP can be exploited
Similar security vulnerabilities to WEP
WPA2 (Wi-Fi Protected Access 2) is the second generation of the Wi-Fi Protected Access wireless security protocol. WPA2 encrypts your wireless traffic and limits access to those with your network password.
A benefit of the WPA2 system was that it introduced the Advanced Encryption System (AES) to replace the more vulnerable TKIP system used in the original WPA protocol. AES is a robust encryption standard, relied on by governments, financial institutions, and global enterprises for its strong security.
While WPA2 is secure, some older routers still support WEP/WPA. If WEP/WPA are enabled, it can create a security loophole. To eliminate this threat, disable WEP/WPA on devices that work with WPA2 and upgrade any devices that rely solely on WEP. You should be able to do this in your router’s wireless security settings.
WPA2 Personal is the mode most commonly used for home Wi-Fi networks. Also known as Pre-Shared Key (PSK) mode, it uses a shared passcode that must be entered on both the client device and the access point.
WPA2 Enterprise is typically used in business or institutional settings. It uses the Extensible Authentication Protocol (EAP) along with a centralized authentication server, allowing each user or device to log in with unique credentials.
Pros:
Addresses many security flaws of its predecessors
Required by the Wi-Fi Alliance for use on all certified products
Uses AES 256-bit key for encryption
Cons:
Still contains some security vulnerabilities
WPA3 (Wi-Fi Protected Access 3) is the newest wireless security protocol, designed to encrypt data more securely and protect past sessions, even if a password is later compromised — a feature known as Perfect Forward Secrecy. WPA3 is even more secure than its predecessor, WPA2.
WPA3 relies on AES-GCMP (Galois/Counter Mode Protocol), a high-performance encryption mode that boosts both security and speed. Compared with the AES-CCMP mode used in WPA2, GCMP provides better data integrity and overall efficiency.
That said, while adoption has increased with newer devices, WPA3 still isn’t universal. Many older devices don’t support it, and enabling the protocol may require new hardware, which can make the transition costly.
Pros:
Offers stronger encryption protections through unique, session-specific keys and more robust key exchange methods
Utilizes the Simultaneous Authentication of Equals (SAE) protocol
Provides increased protection from brute force and dictionary attacks
Cons:
Still isn’t as widely supported as WPA2
Relatively little consumer demand
Requires more processing power than WPA2 due to advanced encryption and authentication features
WEP is the oldest and most basic Wi-Fi security protocol; WPA, WPA2, and WPA3 are more advanced options, becoming stronger and more secure as the number, which represents the protocol’s generation, increases.
Although WPA3 is the most recent and secure wireless security protocol for protecting networks, not all devices or routers support it yet — especially older ones. If that’s the case, WPA2 is generally your best alternative for securing your Wi-Fi network.
| WEP | WPA | WPA2 | WPA3 | |
|---|---|---|---|---|
| Year introduced | 1999 | 2003 | 2004 | 2018 |
| Encryption protocol | Fixed-key | TKIP | CCMP | AES-GCMP |
| Session key size | 64-bit/128-bit | 256-bit | 256-bit | 192-bit/256-bit |
| Cipher type | RC4 stream cipher | TKIP (RC4-based) | AES | Block Cipher (AES-GCMP) |
| Data integrity | Cyclic Redundancy Check | Message Integrity Check | CCMP | GMAC |
| Authentication method | Open system/Shared key | PSK | PSK + PMK | SAE + EAP |
| Key management | Symmetric key encryption | WPA + WPA-PSK | PMK + PSK | RSN + PMF |
Your Wi-Fi security type will probably be WPA2 or WPA3, with the outdated WEP and WPA as less likely alternatives. You can find out which protocol your connected network uses via the system settings on most devices.
Here’s how to check your Wi-Fi security type on Windows 11:
Right-click the Network icon in the bottom-right of your screen and select Network and Internet settings > Properties.
Your Wi-Fi security type will be under the heading Security type.
Here are the steps for checking your Wi-Fi security type on Windows 10:
Right-click the Network icon in the bottom-right of your screen and select Open Network and Internet settings.
Click Wi-Fi in the left-hand menu and select your connected network.
Your Wi-Fi security type will be listed under the heading Security type.
To find out the security type of your Wi-Fi on macOS, hold down the Option key and click the Wi-Fi icon in the upper-right corner of your screen. Your network details will appear — look for the line labeled Security.
It isn’t possible to check your Wi-Fi security type via the iPhone Settings menu. iOS users can instead check using another device or log in to their router’s admin page.
Here’s how to check your Wi-Fi security type on most Androids:
Go to Settings > Network and Internet > Internet (or Wi-Fi).
Tap your connected Wi-Fi network and look for the heading Security. You may need to go to Advanced Settings, depending on your make and model.
If you can’t find your Wi-Fi security type with all of these steps, check to ensure that your device is up to date, as the steps may be different on outdated operating systems.
To select the right Wi-Fi security protocol for you, consider factors such as encryption strength and device compatibility. If your device is compatible with WPA3 then you should select this as your security protocol as it offers the highest level of protection.
Devices released after 2020 have WPA3 support as standard, while many other devices released since 2018 (and even some before) have received updates allowing for WPA3 support. You can normally confirm if your device is WPA3 compatible by checking the manufacturer’s website or by looking for the relevant information on the packaging or user manual.
If your devices are WPA3 compatible, you can change it by logging into your router’s admin portal with your IP address. Go to Wireless Settings or Wi-Fi Security, and look for a Security Mode option where you can select WPA3 or WPA2/WPA3 Mixed Mode. The exact steps and labels may vary depending on your router’s manufacturer and model. Make sure to save your changes and reconnect your devices.
If your device is not WPA3-ready, then it is best to choose WPA2 as the next most secure option.
Wi-Fi security protocols are essential for blocking hackers from your local network. But keeping you and your family safe online is a multi-front battle. For comprehensive wireless network security, add Avast SecureLine VPN to your arsenal.
Avast SecureLine VPN provides bank-grade encryption to help protect you from threats like hackers and scammers. Download Avast’s VPN to hide your activity from your ISP, government, and other snoops. When used along with strong standardized Wi-Fi security protocols, Avast SecureLine VPN will keep your network protected on all fronts.
