WPA status - WiFi Security and WiFi7

[sfx2000]

Curious to see where folks are - not a loaded question, but it's relevant to where WiFi7 is with security...

MLO requires WPA3 on any band it is used with, even on 5Ghz and 2.4Ghz...

 

[sfx2000]

@thiggins - similar to the IPv6 poll a couple of weeks back...

 

[sfx2000]

Wi-Fi 7 mandates the support for WPA3 and Enhanced Open (based on OWE) along with Protected Management Frame (PMF) for the clients to operate in802.11be data rates and features like MLO. There are new AKMs (AKM 24 and 25) added for WPA3-Personal. Additionally, Wi-Fi 7 requires beacon protectionfor both the AP and the Wireless Clients. With MLO, security needs to be established across all the links of a multi-link association. The security requirementsare to mainly make the Wi-Fi networks more secure and protect against cyberattacks.

 

[JoeHz]

I only have a wifi6 capable router (An RT-AX86U_Pro) as I own zippo in the way of Wifi7 capable devices.

When I got the router that supported it, I enabled the WPA3 (and now the Mac I use to develop for ios was satisfied -- it was right unhappy about things being WPA2).

Trying to get off of WPA2 entirely isn't doable as we have devices that don't know nothing about no WPA3. Even our one year old SleepNumber bed cannot handle it.

So it's pointless/impossible to make a WIfi7 device that doesn't support WPA3 because you won't be able to connect at such speeds without it? Or are we going to see routers that don't enforce this requirement in the spec because of this?

 

[sfx2000]

Trying to get off of WPA2 entirely isn't doable as we have devices that don't know nothing about no WPA3. Even our one year old SleepNumber bed cannot handle it.

Yeah, IoT devices are the major challenge - even 7 years later after WPA3 was released (yes, it's been that long, WPA3 was in June 2018).

WiFi Alliance for their part, they've made WPA3 conformance a requirement for some time now, but many IoT devices are not certified, and many of the chipsets may or may not, depending on vendor and even firmware level items.

It's interesting to note that all of the ISP deployed residential gateways within range for a quick audit (and this is DSL, Cable, and 5G-FWA) - they all default to WPA2 for 2.4 and 5GHz, probably for Tech Support simplicity - where the challenge for them is 6GHz coverage, where both WiFi6e and WiFi7 mandate WPA3...

WPA2/3 mixed (transitional) is likely the best approach, esp for WiFi7, as this does help for the 11be (aka EHT) and other WiFi7 features such as MLO, while allowing WiFi4/5/6 clients to still work on 2.4/5 bands...

Where it can get complicated, is when one has a diverse set up with Mesh, such as AI Mesh, where the dissimilar mesh points may or may not support the designated auth methods and/or radio modes...