Protocols and encryption

2.3 Compare and contrast wireless security protocols and authentication methods.

📘CompTIA A+ Core 2 (220-1202)

Wireless networks must protect data that travels through the air. Anyone nearby could try to intercept that data, so wireless security protocols and encryption methods are used to:

  • Authenticate users and devices
  • Encrypt data so it cannot be read by attackers
  • Prevent unauthorized access to the wireless network

For the CompTIA A+ exam, you must understand WPA2, WPA3, TKIP, and AES, how they work, and how they compare.

1. Wi-Fi Protected Access 2 (WPA2)

What is WPA2?

WPA2 is a wireless security protocol that replaced older and insecure standards such as WEP and WPA.
It is still widely used in many organizations and is considered secure when properly configured.

Key Features of WPA2

  • Uses AES encryption (mandatory)
  • Supports strong authentication
  • Protects wireless data from eavesdropping
  • Common on older routers, access points, and client devices

WPA2 Modes

WPA2 comes in two main modes:

WPA2-Personal (WPA2-PSK)

  • Uses a pre-shared key (PSK), also called a wireless password
  • Common in small offices and home networks
  • All users share the same password

WPA2-Enterprise

  • Uses a RADIUS server for authentication
  • Each user has unique credentials
  • Common in business and enterprise networks
  • Supports centralized user management

Exam Notes for WPA2

  • WPA2 uses AES, not TKIP (TKIP is optional and legacy)
  • Stronger than WPA, but weaker than WPA3
  • Still appears in many exam scenarios

2. Wi-Fi Protected Access 3 (WPA3)

What is WPA3?

WPA3 is the newest and most secure wireless security protocol.
It was designed to fix weaknesses found in WPA2.

Key Improvements Over WPA2

  • Stronger encryption
  • Better protection against password-guessing attacks
  • More secure authentication process
  • Improved security for open networks

Important WPA3 Features

Stronger Encryption

  • Uses modern cryptographic standards
  • Protects data even if the password is weak

SAE (Simultaneous Authentication of Equals)

  • Replaces the WPA2 handshake
  • Prevents offline password-cracking attacks
  • Each login attempt must happen live

Enhanced Open (OWE)

  • Encrypts traffic even on open Wi-Fi networks
  • No password required, but data is still encrypted

WPA3 Modes

  • WPA3-Personal: Improved password-based security
  • WPA3-Enterprise: Uses stronger encryption (192-bit security)

Exam Notes for WPA3

  • Most secure wireless standard
  • Designed to replace WPA2
  • Not supported on very old devices
  • Preferred choice when available

3. Temporal Key Integrity Protocol (TKIP)

What is TKIP?

TKIP is an encryption protocol introduced with WPA as a temporary fix for WEP’s weaknesses.

Key Characteristics of TKIP

  • Uses RC4 encryption
  • Changes encryption keys frequently
  • Designed to work with older hardware
  • Considered obsolete and insecure today

Why TKIP Is No Longer Secure

  • Vulnerable to modern attacks
  • Slower than modern encryption methods
  • Officially deprecated

Exam Notes for TKIP

  • Legacy technology
  • Found in WPA and early WPA2
  • Not recommended for modern networks
  • If you see TKIP on the exam, think old and weak

4. Advanced Encryption Standard (AES)

What is AES?

AES is a strong, modern encryption standard used to protect data in wireless networks and many other security systems.

Key Characteristics of AES

  • Uses 128-bit or stronger encryption
  • Very fast and efficient
  • Resistant to known attacks
  • Approved by governments and security organizations

AES in Wireless Security

  • Mandatory in WPA2
  • Required in WPA3
  • Used to encrypt all wireless data traffic

AES vs TKIP

FeatureAESTKIP
SecurityVery strongWeak
SpeedFastSlower
StatusCurrent standardDeprecated
Used inWPA2, WPA3WPA (legacy)

Exam Notes for AES

  • Best encryption choice
  • Always preferred over TKIP
  • If asked which encryption is secure → AES

Comparison Summary (Very Important for Exam)

TechnologyTypeSecurity LevelExam Relevance
WPA2Security protocolSecure (older)Very common
WPA3Security protocolMost secureNew standard
TKIPEncryption protocolWeak / legacyAvoid
AESEncryption protocolStrongBest choice

Key Exam Takeaways (Memorize These)

  • WPA3 is more secure than WPA2
  • AES is secure; TKIP is not
  • WPA2 uses AES
  • WPA3 improves authentication and encryption
  • TKIP = old and insecure
  • AES = modern and strong

How This Appears in Exam Scenarios

You may be asked to:

  • Choose the most secure wireless option
  • Identify legacy vs modern encryption
  • Recommend a protocol for a business wireless network
  • Compare WPA2 and WPA3 security features

Correct answers almost always point to:

  • WPA3 + AES for best security
  • WPA2 + AES if WPA3 is not supported
Buy Me a Coffee

Powered by
Necessary cookies enable essential site features like secure log-ins and consent preference adjustments. They do not store personal data.
None
Functional cookies support features like content sharing on social media, collecting feedback, and enabling third-party tools.
None
Analytical cookies track visitor interactions, providing insights on metrics like visitor count, bounce rate, and traffic sources.
None
Advertisement cookies deliver personalized ads based on your previous visits and analyze the effectiveness of ad campaigns.
None
Powered by