Every corporate WiFi network that prompts for a username and password rather than a passphrase is running 802.1X authentication backed by a RADIUS server. The mechanism is invisible to end users but structurally different from home WiFi in ways that matter enormously for security. Understanding how it works explains why enterprise networks handle compromised credentials, device theft, and regulatory compliance requirements in ways that passphrase-based networks cannot. The Limitation of PSK Authentication Home and small office WiFi uses a pre-shared key: one passphrase, shared among all users and all devices.

In October 2017, security researcher Mathy Vanhoef published a paper describing Key Reinstallation Attacks — KRACK — against the WPA2 four-way handshake. The disclosure triggered emergency patches across every major operating system, router firmware, and WiFi chipset vendor simultaneously. It was the most significant WiFi security event between WEP’s collapse in the early 2000s and WPA3’s introduction in 2018. Understanding what KRACK was, and what it actually threatened, clarifies both the state of WPA2 security today and how the WiFi security ecosystem responds to structural vulnerabilities.

For fifteen years, the standard advice was simple: never use public WiFi without a VPN. The concern was legitimate — open networks transmitted all traffic in cleartext, readable by anyone in radio range with a packet capture tool. Sitting in a coffee shop and watching an unencrypted HTTP session between a neighboring laptop and a banking site was technically trivial. Sniffing credentials required nothing more than Wireshark and proximity. That threat model has changed in two independent directions: the web has largely moved to HTTPS, and WPA3 introduced Opportunistic Wireless Encryption for open networks.

WPA3 has been the current WiFi security standard since 2018. WPA2, its predecessor, has been deployed since 2004 and remains the majority protocol on networks worldwide. The gap between them is not cosmetic — there are genuine security improvements in WPA3 — but the threat model that justifies urgency depends on who is operating the network and what data crosses it. What WPA2 Actually Provides and Where It Falls Short WPA2 introduced AES-CCMP encryption to WiFi, replacing the broken WEP and transitional TKIP protocols that preceded it.