Wi-Fi encryption standards change over time as new ones are developed and older ones become insecure and obsolete. Here's a look at the best encryption you should be using to secure your Wi-Fi router in 2022.

The Best Wi-Fi Encryption is WPA3

As of February 2022, the best Wi-Fi security standard is called Wi-Fi Protected Access Version 3, or WPA3 for short. Introduced in 2018 by the Wi-Fi Alliance, there are several variations of the WPA3 standard:

  • WPA3-Personal: This is designed for individual and home Wi-Fi users. For ease-of-use, it allows you to pick your own arbitrary password, including one that might not be optimally secure.
  • WPA3-Enterprise: This standard enforces minimum 128-bit authentication encryption, 256-bit key derivation encryption, and the use of an authentication server instead of a password. It also utilizes Protected Management Frames for greater hack protection, and imposes other authentication requirements to secure the network.
  • WPA3-Enterprise with 192-bit Mode: This is similar to WPA3-Enterprise but with the option for minimum 192-bit encryption instead of 128-bit. It also ups the authentication encryption to 256-bit and the key encryption to 384-bit.

For home Wi-Fi users, the best choice is WPA3-Personal, since it won't require a deep knowledge of wireless security to configure properly. If you're running a business or organization with high data security needs, consult IT experts who can help you set up WPA3-Enterprise wherever possible.

The Wi-Fi Alliance also promotes a standard called "Wi-Fi Enhanced Open" that seamlessly applies a low level of encryption (called OWE) to open Wi-Fi access spots (those that don't require a password). However, OWE has already been compromised by researchers. Even if it had not been compromised, we do not recommend running an open Wi-Fi access point.

What If My Devices Don't Support WPA3?

Since WPA3 is still moderately new, you may own some older devices that don't support connecting to a router configured to use WPA3 encryption. Or maybe your router doesn't support it either. If that's the case, you have several options:

  • Use WPA2 Instead: The older standards called WPA2-Personal and WPA2-Enterprise are insecure and have been compromised, but are still better than older Wi-Fi security standards. If you use WPA2 with AES encryption, hackers can intercept or inject data but not recover security keys (for example, the Wi-Fi password). If you use WPA2-TKIP, hackers can recover security keys as well and connect to your network, so avoid WPA2-TKIP completely.
  • Use a Transitional WPA2/WPA3 Mode: Many consumer Wi-Fi routers that support WPA3 also support a WPA3/WPA2 transitional mode that allows connections from devices using either WPA2 or WPA3 encryption. That way you can connect with WPA3 when possible, but also support legacy WPA2 devices.
  • Upgrade Your Devices: If you already have a router that supports WPA3, you could purchase new devices or Wi-Fi adapters that support WPA3 and discontinue using older devices that don't support WPA3. If data security is important to you, this is a must.
  • Upgrade Your Router: If your router doesn't support WPA3 at all, it's probably time to buy a new router. If your router is particularly old, you'll likely be able to take advantage of faster Wi-Fi speeds available in new standards like Wi-Fi 6, too.

Encryption Standards to Avoid

Now that you've read about the best Wi-Fi encryption, we've created a rogues' gallery of obsolete and insecure wireless security standards to avoid. There are more out there, but these are the most prominent ones:

  • WEP (Wired Equivalent Privacy): This ancient wireless security standard from 1997 was compromised in 2005, but had already been deprecated in 2004. It is easy to crack quickly. Definitely do not use WEP.
  • WPA Version 1: Introduced in 2003, WPA version 1 (or plain "WPA" with no number beside it) was compromised in 2008 and again in 2009 to a greater extent. The crack is fast, sometimes taking less than a minute. Do not use WPA1.
  • WPA2-TKIP: WPA Version 2 using TKIP encryption was cracked in 2017 using the KRACK method, allowing hackers to reveal private security keys or passwords. If you have to use WPA2, use AES encryption instead. As mentioned above, WPA2-AES has been compromised as well, but not to the same extent, at least not yet.
  • WPS (Wi-Fi Protected Setup): This feature allows you to quickly connect a device to a Wi-Fi access point by pressing a button. The PIN involved is short and can be guessed with a brute-force attack, and anyone with physical access to the router can connect to your network. Avoid WPS and disable it if possible.

How Do I Change My Router's Wi-Fi Security Settings?

To check or change your router or access point's Wi-Fi security settings, you'll need to log in to the device's configuration interface. Most devices allow you to connect through a special local web address in a browser (such as 192.168.0.01), and others also allow you to configure them through a smartphone app. Check your router's documentation to find out how to do this.

Once you're logged in, look for labels like "Wireless Security," "Wireless Configuration," "Security Level," "SSID Setup," or something similar. Click it, and you'll likely see a drop-down menu where you can choose the encryption method used on your router.

Select "Security Level," then pick the Wi-Fi encryption method.

After choosing the strongest encryption your router supports, apply the changes and restart your router. When your router or access point starts up again, you're ready to go.
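
To confirm what the router actually advertises after the change, the sketch below (an added example, not part of the original article) classifies access points from the text printed by the Linux `iw dev <iface> scan` command against the recommendations above. The sample scan text and SSIDs are constructed, and only the personal (password-based) modes are distinguished.

```python
import re

# Constructed sample in the layout printed by `iw dev <iface> scan` (trimmed; not a real capture).
SAMPLE_SCAN = """\
BSS 02:00:00:00:00:01(on wlan0)
    capability: ESS Privacy (0x0011)
    SSID: home-wpa3
    RSN:  * Version: 1
          * Pairwise ciphers: CCMP
          * Authentication suites: SAE
BSS 02:00:00:00:00:02(on wlan0)
    capability: ESS Privacy (0x0011)
    SSID: legacy-mixed
    WPA:  * Version: 1
          * Pairwise ciphers: TKIP
          * Authentication suites: PSK
    RSN:  * Version: 1
          * Pairwise ciphers: CCMP TKIP
          * Authentication suites: PSK
    WPS:  * Version: 1.0
BSS 02:00:00:00:00:03(on wlan0)
    capability: ESS Privacy (0x0011)
    SSID: old-wep
"""

def audit_scan(scan_text):
    """Map each SSID to (mode, warnings) following the article's guidance."""
    report = {}
    for bss in re.split(r"(?m)^BSS ", scan_text)[1:]:
        ssid = re.search(r"(?m)^\s*SSID: (.*)$", bss)
        has = lambda tag: re.search(rf"(?m)^\s*{tag}:", bss) is not None
        ciphers = set(" ".join(re.findall(r"Pairwise ciphers: (.*)", bss)).split())
        suites = set(" ".join(re.findall(r"Authentication suites: (.*)", bss)).split())
        sae, psk = "SAE" in suites, any(s.startswith("PSK") for s in suites)
        if has("RSN"):  # RSN element = WPA2 or WPA3; the key management tells them apart
            mode = ("WPA2/WPA3 transitional" if sae and psk else
                    "WPA3-Personal" if sae else
                    "WPA2-Personal" if psk else "RSN (other)")
        elif has("WPA"):
            mode = "WPA1 only"
        else:  # no WPA/RSN element: the Privacy bit alone means WEP
            mode = "WEP" if re.search(r"capability:.*\bPrivacy\b", bss) else "Open"
        checks = [(mode in ("WEP", "Open", "WPA1 only"), f"{mode}: avoid"),
                  (has("WPA") and has("RSN"), "WPA1 still enabled"),
                  ("TKIP" in ciphers, "TKIP allowed"),
                  (has("WPS"), "WPS enabled")]
        warnings = [msg for hit, msg in checks if hit]
        report[ssid.group(1) if ssid else "<hidden>"] = (mode, warnings)
    return report
```

An empty warnings list for your own SSID means the router is advertising only the modes recommended above; enterprise (802.1X) networks show up as "RSN (other)" and need a separate review.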

If your router doesn't support WPA2, you definitely need to upgrade to a new router immediately. If it doesn't support WPA3, it's time to strongly consider an upgrade as well. Stay safe out there!