There are more Wi-Fi devices in active use around the world—roughly 9 billion—than there are human beings. That ubiquity makes protecting Wi-Fi from hackers one of the most important tasks in cybersecurity. Which is why the arrival of next-generation wireless security protocol WPA3 deserves your attention: Not only is it going to keep Wi-Fi connections safer, but also it will help save you from your own security shortcomings.

The Wi-Fi Alliance, a trade group that oversees WPA3, is releasing full details today, after announcing the broad outlines in January. Still, it'll be some time before you can fully enjoy its benefits; the Wi-Fi Alliance doesn’t expect broad implementation until late 2019 at the earliest. In the course that WPA3 charts for Wi-Fi, though, security experts see critical, long-overdue improvements to a technology you use more than almost any other.

“If you ask virtually any security person, they’ll say don’t use Wi-Fi, or if you do, immediately throw a VPN connection on top of it,” says Bob Rudis, chief data officer at security firm Rapid7. “Now, Wi-Fi becomes something where we can say hey, if the place you’re going to uses WPA3 and your device uses WPA3, you can pretty much use Wi-Fi in that location.”

Password Protections

Start with how WPA3 will protect you at home. Specifically, it’ll mitigate the damage that might stem from your lazy passwords.

A fundamental weakness of WPA2, the current wireless security protocol that dates back to 2004, is that it lets hackers deploy a so-called offline dictionary attack to guess your password. An attacker can take as many shots as they want at guessing your credentials without being on the same network, cycling through the entire dictionary—and beyond—in relatively short order.

'They’re not trying to hide the details of the system.' Joshua Wright, Counter Hack

“Let’s say that I’m trying to communicate with somebody, and you want to be able to eavesdrop on what we’re saying. In an offline attack, you can either passively stand there and capture an exchange, or maybe interact with me once. And then you can leave, you can go somewhere else, you can spin up a bunch of cloud computing services and you can try a brute-force dictionary attack without ever interacting with me again, until you figure out my password,” says Kevin Robinson, a Wi-Fi Alliance executive.

This kind of attack does have limitations. “If you pick a password that’s 16 characters or 30 characters in length, there’s just no way, we’re just not going to crack it,” says Joshua Wright, a senior technical analyst with information security company Counter Hack. Chances are, though, you didn’t pick that kind of password. “The problem is really consumers who don’t know better, where their home password is their first initial and the name of their favorite car.”

If that sounds familiar, please change your password immediately. In the meantime, WPA3 will protect against dictionary attacks by implementing a new key exchange protocol. WPA2 used an imperfect four-way handshake between clients and access points to enable encrypted connections; it’s what was behind the notorious KRACK vulnerability that impacted basically every connected device. WPA3 will ditch that in favor of the more secure—and widely vetted—Simultaneous Authentication of Equals handshake.

There are plenty of technical differences, but the upshot for you is twofold. First, those dictionary attacks? They’re essentially done. “In this new scenario, every single time that you want to take a guess at the password, to try to get into the conversation, you have to interact with me,” says Robinson. “You get one guess each time.” Which means that even if you use your pet’s name as your Wi-Fi password, hackers will be much less likely to take the time to crack it.

The other benefit comes in the event that your password gets compromised nonetheless. With this new handshake, WPA3 supports forward secrecy, meaning that any traffic that came across your transom before an outsider gained access will remain encrypted. With WPA2, they can decrypt old traffic as well.
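
To make the WPA2 weakness described above concrete, here is an added Python example (not from the original article or the Wi-Fi Alliance) that audits a home passphrase: it derives the WPA2-Personal master key, which depends only on the passphrase and the network name, and estimates how long an exhaustive offline search would take. The network name, the word list and the rate of one million guesses per second are assumptions constructed for illustration.

```python
import hashlib

SECONDS_PER_YEAR = 365.25 * 24 * 3600

def wpa2_pmk(passphrase: str, ssid: str) -> bytes:
    """WPA2-Personal master key: PBKDF2-HMAC-SHA1, 4096 rounds, 32 bytes.
    The only inputs are the passphrase and the network name, which is why
    guesses can be computed without talking to the network again."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA2 passphrases are 8 to 63 characters")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)

def alphabet_size(passphrase: str) -> int:
    """Estimate the character set an exhaustive search would have to cover."""
    size = 0
    if any(c.islower() for c in passphrase):
        size += 26
    if any(c.isupper() for c in passphrase):
        size += 26
    if any(c.isdigit() for c in passphrase):
        size += 10
    if any(not c.isalnum() for c in passphrase):
        size += 33  # printable ASCII symbols, including space
    return size

def years_to_exhaust(passphrase: str, guesses_per_sec: float) -> float:
    """Worst-case years to try every passphrase of this length and alphabet."""
    keyspace = alphabet_size(passphrase) ** len(passphrase)
    return keyspace / guesses_per_sec / SECONDS_PER_YEAR

def audit(passphrase: str, ssid: str, common_words, guesses_per_sec: float = 1e6) -> dict:
    """Report on a passphrase you own. guesses_per_sec is an assumed rate."""
    lowered = passphrase.lower()
    return {
        "pmk": wpa2_pmk(passphrase, ssid).hex(),
        "contains_common_word": any(w.lower() in lowered for w in common_words),
        "years_to_exhaust": years_to_exhaust(passphrase, guesses_per_sec),
    }

if __name__ == "__main__":
    words = ["mustang", "corvette", "camaro"]   # constructed sample word list
    ssid = "HomeNet-Example"                    # constructed network name
    for candidate in ("jmustang", "k7q2vx9mw4ht8zr3"):
        report = audit(candidate, ssid, words)
        print(candidate, report["contains_common_word"],
              f"{report['years_to_exhaust']:.3g} years")
```

The exhaustive-search figure is an upper bound: a passphrase that contains a common word falls to a word list long before the full keyspace is covered.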

Safer Connections

When WPA2 came along in 2004, the Internet of Things had not yet become anything close to the all-consuming security horror that is its present-day hallmark. No wonder, then, that WPA2 offered no streamlined way to safely onboard these devices to an existing Wi-Fi network. And in fact, the predominant method by which that process happens today—Wi-Fi Protected Setup—has had known vulnerabilities since 2011. WPA3 provides a fix.