zagandesign - Fotolia

Can WPA2 be upgraded to WPA3?

A migration from WPA2 to WPA3 is not simple. Organizations may need to update their hardware extensively to accommodate the newer Wi-Fi encryption standard.

Wi-Fi Protected Access, or WPA, is a security standard for wireless LANs that encrypts data packets as they are transported or received across the Wi-Fi network.

Currently, WPA has three iterations. Most organizations today use the second generation of the standard, WPA2, to secure their Wi-Fi networks. However, WPA2 is now well over a decade old, and a discovered vulnerability has shown some weaknesses that give security administrators reason for concern. That's why many enterprises are looking at the latest version -- WPA3 -- to help close any vulnerability holes found in previous releases.

The WPA2-WPA3 migration path, however, isn't a clear one. Indeed, the answer to whether your current WPA2 wireless LAN (WLAN) can be upgraded to WPA3 depends on several factors -- and a few potential drawbacks.

Moving from WPA2 to WPA3: Consider these factors

For one, understand that WPA3 has only been around for a couple of years. Since that time, researchers have found flaws in the latest standard. Thus, more vulnerabilities may come out, including defects that may be more damaging than what's been found in WPA2.

Secondly, and perhaps more importantly, WPA3 won't run on just any wireless hardware and software. The standard relies on Protected Management Frames, which often require users to update their hardware with chips engineered to support the technology.

Thus, depending on the type of WLAN you have deployed, migrating from WPA2 to WPA3 may or may not be possible without a hardware refresh. Additionally, not every major WLAN vendor supports WPA3. For example, Aruba Networks does, but Cisco Meraki does not. To that end, be sure to verify your preferred vendor supports the WPA3 standard.

Finally, Wi-Fi-capable endpoints must also be able to run WPA3. Most PCs, tablets, smartphones and Wi-Fi-enabled IoT devices you have deployed today probably do not support WPA3. It will take time to upgrade older hardware to gear capable of running the newer wireless security standard.

In the meantime, users considering WPA2 and WPA3 will have to rely on a WPA2-WPA3 mixed-mode strategy. Fortunately, most WLANs that can run WPA3 also support the older standard. This enables end devices that are WPA3-compatible to use the more advanced security standard, while all other devices can continue to connect to the Wi-Fi network with WPA2 protection.

This was last published in March 2020

Dig Deeper on Network Infrastructure