How secure is WPA2?

I've known different kinds of encryption for networks, and I've been told that WPA is the recommended network encryption. They say WEP is not really safe anymore, as any good hacker can easily crack it. So, how is WPA safer? I am no hacker and just want a general idea on this, so please answer in layman's terms. Thank you very much.

 

Well, its not safe. In fact, there isn't a safe wifi tech out there, which is why a lot of people are looking for more secure ways.

The internet is full of posts and articles about people who were able to do it:

http://tech.blorge.com/2015/12/15/i-hacked-my-wireless-network/264
http://www.pcmag.com/article2/0,2817,2352231,00.asp

and so on.

The way to keep things secure is to:
1. use routers built for security
2. have an intrusion detection software handy
3. be careful what public networks you connect to.

 

I can never bring myself to trust anything these days when it comes to security. Having heard stories on the news what seems like daily about security breaches, and knowing those are only the big cases that are newsworthy and that there is more out there, and given my nature to be skeptical, I just always assume the worst. Those sites that say secured and are different colors mean nothing to me.

 

I hacked our own WEP encypted wifi when I was 13 (when my parents changed the password to force me to study) just by following a youtube tutorial. It's so easy anyone can do it even if they only vaguely understand what they're doing.

I was about to say you could only decrypt WPA2 passwords by using dictionary or brute force attacks but I just discovered there are windows applications that do that somehow faster and more efficiently... sometimes? I don't know, I haven't tried any of them and I'm somewhat disinterested in them in general but googling them gives results, so it is hackable with ease.......... sometimes.

It remains as the best WiFi encryption we have yet though, afaik. So you're really out of options. All you can do is choose WPA2 and pick a very strong password, and if you're too concerned you can always change the password every week or so.

 

Thanks for the replies. So I guess with all the hackers, programs and security exploits present today, we have to settle for nothing less than the best WiFi encryption available. I plan to hack my own network soon, but don't have the luxury of time. It's definitely worth a shot.

 

I have seen these option, but didn't know which one is the best, WEP, WPA, and WPA2 and I just picked the one that recommended for my devices.

 

Well, I did a bit of research on this. Any of them will do actually, as long as there is no hacker really willing to hack your network. WEP is more of a "Don't Trespass" sign only. Anyone who desires to hack your password can do it easily. Tools are readily available on the Internet. WPA2 is the recommended encryption today and it will take a really good hacker with a very powerful PC to hack it. Well, that is if you use a password that's good enough. Having passwords like, "iloveyou" and "iamhandsome" won't do.

 

WEP and WPA are a complete waste of time. WPA2 is going to be better but it doesn't take a whole lot of skill to break into it either. There are a number of practices involved in securing your connection that involve more than the wireless encryption protocols themselves.

 

I better remember WPA2 setting for the future. Right now if I attempt to do that, I will mess myself up big time, and calling any business place to have it fixed will take half a day, plus tons of headaches. I hope my password is strong enough to cover me for now

 

A "strong password" as you put it won't do you any good on wep and probably wont matter much in the long run on WPA either. Changing the encryption used by your router should be a simple matter. Post the model of router/modem you use and I can give you better instruction.

 

Nytegeek is correct, changing the encryption is easy; it can be done in a matter of seconds. Well, as an alternative, you can set up Mac Address Filters on your router if it has the option. That puts another wall/level of security to your network and keeps off anyone trying to hack into your network. You can also disable the SSID broadcast of your router, so that it won't appear in the available networks. It will keep of the average or wannabe hackers, but that's it.

 

@spence88 Makes some good suggestions. They wont keep a determined and or skilled person out, but they will certainly discourage them from trying. Unfortunately sometimes the best we can hope for is to be a less appealing target.

 

No home router will ever get you 100% protection , if you are really really concerned with security you should consider investing into some more expensive pieces of equipment because that's the difference between consumer and professional grade gear, but, as somebody said already, it all comes to security best practices because you can have the best equipment in the world and if you use a weak password or are careless not even a military grade type of thing will protect you enough. WPA2 is relatively secure providing the password is good, but something like RADIUS is better although much more complicated and expensive to set up.

 

You could also keep one machine off grid Just never connect it to the internet and do all your "top secret" stuff on it.
Security is not always about keeping the system secure though. Its also about making sure that you don't let unknown people know your basic information or give out valuable content. Keep things secret if you don't want them known.

I wish the Game of Thrones creators would have done that last year. Or maybe it wasn't a hack. Someone said it was a leak and not a hack because it came from the system of a journalist who had been given the first 5 episodes. The leak ruined the fun of watching for a lot of us.

 

Well, I am currently using a WPA connection and it seems to be safe but I do not really know about WPA2 myself, I have heard that it is way easier to break in than the normal WPA, it is all about trying and making sure it is right.

 

You have that backwards. WPA is more vulnerable than WPA2. WPA2 is breakable, but it is significantly more secure than WPA.

 

Let me clear up some confusion here. No standard is going to be 100% secure, but some are better than others. Below is a list with 1 being the most secure and 6 being the least:

This all hinges on completely disabling WPS as WPS presents a vulenrabilty to WPA and WPA2 security. The vulenrablility is something that would take somebody about 14 hours straight of work with a fairly modern machine to take advantage of, but it is still something that should be avoided.

 

Security is getting to be a burden especially in wifi networks. Our tech in the office said that it is a good precaution to change the password regularly, say once a week or even twice a week. However, a new password all the time may confuse the users particularly if there are lots of users of the wifi network. Our home wifi is using the simple WPA. And we don't care if neighbors would hack the network because we turn off the router when not in use.

 

WPA2 has loopholes in the algorithm that allow it to be cracked. Not as easily as WPA or WEP (almost instant if you have about 5 or 10 minutes), but you can still get through if you have enough time. WPA2 can take days to weeks depending on the complexity, but the hole in it guarantees it won't take much longer than that if a person can manage to get your SSID and stay undetected long enough to get responses back quickly enough that tell them whether or not they have the right result. Rainbow tables are used at times to do this more quickly if it's a plain text password (post-decryption).

Common tools like AirCrack, AirSnort, and WildPackets tools like Omnipeek can be used to do about half to 3/4 of this in a pinch, and updated distributions of Backtrack Linux have most of it put together for the intermediate penetration testers to use (in any form they want). Usually you get the best results using Atheros adapters (but it will work with others most of the time; I've just had the best time with Atheros over Realtek and others). All of these tools can be used to get onto other people's networks certainly...but it should really be used to best secure your own and protect yourself as much as you can. The best offense is a good defense in this case.

 

Changing the password every so often is a good idea, but I'm not sure that weekly or twice weekly is really actually needed. Using a strong password on a WPA2 + AES setup that is changed at certain intervals is the best approach. In a business environment you want to be changing it from time to time, but not so often that it is going to cause problems. At home, change it as often as you want.