Difference between WEP, WPA, WPA2, WPA3, WPS WiFi Security

Spread the love

Most of us had connected to a WiFi network with our laptop, tablet or smartphone, and to join that network we had to select a network name and supply a password. Supplying a password implies (better) security, but there are different methods and protocols that are used in wireless networks to ensure security, some being less secure and some being more secure. Different WiFi security protocols include WEP, WPA, WPA2, WPA3 and WPS.

Open WiFi network

WiFi network can be just open with no password required. That means that anybody can join it. However in the majority of cases WiFi networks will be secured and will require a password. There are several different protocols that are used for securing a Wi-Fi network, and the oldest one being WEP.

WEP (Wired Equivalent Privacy)

WEP or Wired Equivalent Privacy was developed in 1999 and it’s the earliest security protocol that was used for wireless networks. As its name implies, it’s meant to supply the same security to wireless networks as it did for wired networks.

However, this turned out not to be the case. After some time it turned out that a 40-bit encryption key that WEP used was vulnerable and not secure, and therefore was easily hackable. That’s why today WEP is no longer used and modern WiFi routers won’t even have it as an option anymore. So a better security protocol was needed for wireless networks, and that brings us to WPA.

WPA (Wi-Fi Protected Access)

WPA or Wi-Fi Protected Access is another wireless security protocol that was developed to solve the problems of WEP. WPA is far better than WEP and this is because it uses a stronger encryption method called TKIP which stands for Temporal Key Integrity Protocol. TKIP dynamically changes its keys as it’s being used and this ensures data integrity.

Even though WPA is more secure than WEP, today even WPA is outdated because TKIP did have some vulnerabilities. And that brings us to WPA2.


WPA2 was developed to provide even stronger security than WPA, and it does this by requiring the use of a stronger encryption method. While WPA uses TKIP for encryption, which is known to have some limitations, WPA2 uses AES which stands for Advanced Encryption Standard.

AES uses a symmetric encryption algorithm and it is strong enough to resist a brute-force attack. AES is so secure that the U.S. federal government has adopted it and is now using it to encrypt sensitive government data.

WPA / WPA2 combined

On some WiFi routers there will be an option which includes both WPA and WPA2 protocols. This is a mixed security option which enables WPA and WPA2 at the same time, using both TKIP and AES security.

The reason for this option is for compatibility purposes because some older devices like prior to 2006 may not be compatible with using AES encryption that’s used in WPA2. These older devices will connect to the older WPA protocol but at the same time modern devices will connect to WPA2.

Why not just choose the mixed option all the time, since it’s the most compatible with all devices? Well you can do this but the problem is that in addition to using AES it’s also using TKIP. Since TKIP is not as strong as AES you’re leaving your network more vulnerable to a breach. If all of your devices are modern then the best option is to choose WPA2 which only uses AES.


The next generation of wireless security is WPA3. WPA3 was introduced in 2018 and according to the official WiFi website https://www.wi-fi.org/, WPA3 provides cutting edge security protocol to the market. It adds new features to simplify WiFi security and enable more robust authentication, and provide increased protection from password guessing attempts.

So far we discussed a few password protected security protocols, but there is another wireless security method that doesn’t require you to type in a password. This method is called WPS.

WPS (WiFi Protected Setup)

WPS stands for WiFi Protected Setup and it was designed to make it as easy as possible for devices to join a wireless network. There are a couple of different methods that are used with WPS, but the most common one is the ‘push button’ method.

For example, most routers today will have a physical WPS button that you can press. Let’s say that you have a printer which also has a WPS button, so to connect this wireless printer to your WiFi network you would press the WPS button on your WiFi router and within 2 minutes you would press the WPS button on your printer. This would initiate a connection process and your printer would connect to the Wi-Fi router in a few seconds. Another method is to use a WPS pin number during the WPS connection process.

WPS is the easiest way to join a wireless network and a lot of manufactures have built their wireless products with WPS. There’s one more method we need to talk about and this is called the Access Control or in some routers it’s called the MAC Filter.

Access Control / MAC Filter

With Access Control feature you can either allow or block devices from joining your network. Every network adapter has a MAC address (MAC address is a hexadecimal number that uniquely identifies each device on a network). With Access Control you can either allow or block access by using the device’s MAC address. When a device is blocked it would only be able to get an IP address from your router but it won’t be able to communicate with any other device and it would not be able to connect to the Internet. The Access Control is just an extra layer of security that’s in addition to your WiFi password. However, keep in mind that MAC address can be easily spoofed.

Author: cicnavi