Overview:
WPA3 is the current Wi-Fi security standard, designed to address WPA2 vulnerabilities and meet modern compliance requirements. Migrating now ensures stronger security, operational continuity, and readiness for future technologies like Wi-Fi 6E and Wi-Fi 7.
WPA3 was announced by the Wi-Fi Alliance in January 2018, and certification began in June 2018. The Wi-Fi Alliance officially introduced Wi-Fi CERTIFIED WPA3 on June 25, 2018. WPA3 became mandatory for all devices bearing the "Wi-Fi CERTIFIED" logo starting July 1, 2020.

WPA2 vs WPA3 Comparison

FeatureWPA2WPA3
AuthenticationPSK (vulnerable to attacks) SAE (resistant to brute force)
EncryptionAES-128AES-GCM-256 / CNSA 192-bit
Forward SecrecyNoYes
IoT supportLegacy IoT SupportMay be compatibility issues
ComplianceAging standardMeets CNSA & Wi-Fi 6E requirements

Key Benefits

  • Stronger Security: SAE handshake prevents offline attacks.
  • Future Proof: Mandatory for Wi-Fi6E and beyond
  • Compliance: Aligns with government-grade encryption standards
  • IoT Ready: Simplifies secure onboarding of smart devices

WPA3 use within the Big10

Based on an informal survey, at least 7 Big10 schools have been using WPA3 for some time. They reported some issues at implementation due to software bugs, and some had a few (<5) issues with older clients, and devices that have passed their end of life. As of the survey they reported things are running smoothly.

Migration Roadmap

  1. Assessment
    • Identify legacy devices that may have potential issues with WPA3.
  2. Infrastructure Upgrade
    • Enable WPA3 transition mode for mixed environments:
      1. UI-Guest – Tuesday, January 7th to encrypt communications for supported devices.
      2. eduroam – Over spring break, depending on testing.
      3. UI-DeviceNet – TBD
  3. User Communication
    1. Create campus maintenance alert.
      1. Send e-mail IT Admins regarding changes.
      2. Presentation to IT Admins in February

Potential Compatibility Issues with older devices*

NES will perform limited troubleshooting for issues with unsupported devices as they are vulnerable to other security issues.

  • Apple devices NO longer supported
    1. iPads (released 2010 - 2013 / Generations 1 - 4
    2. iPad Mini (released 2012 - 2015 / Generations 1-3)
    3. iPad Air (released 2013 - 2014 / Generations 1-2)
    4. All iPod Touches
    5. iPhones 5, 5S, 6, & 6 Plus and earlier
    6. Macs earlier than 2013 and cannot run MacOS Catalina (10.15)
  • Android devices NO longer supported
    1. Devices that cannot run Android 10 or later.
  • Linux devices SUPPORTED
    1. Ubuntu/Debian: Ubuntu 20.04 and later, Debian Bookworm (12) and later have the necessary software components.
    2. Fedora/RHEL: Recent versions with Network Manager 1.30+ and wpa_supplicant 2.9+
    3. Arch Linux: Rolling release, so current versions support WPA3 with proper configuration.
    4. Linux Mint: Version 21.3 (based on Ubuntu 22.04) supports WPA3.
  • Windows devices NOT supported
    1. Devices running anything earlier than Windows 10/11 1903 (May 2020 update). 

*Even if the device can run newer operating system versions, if the Wi-Fi hardware and/or drivers on the device is out of date, issues may still be possible.

Last updated
Article number
11456