The Wi-Fi Alliance, which oversees Wi-Fi standards and protocols, has recently announced and begun certification of the new WPA3 security protocol, which is scheduled to be released in late 2019. This protocol will supersede the WPA2 standard that has been in use for the last 14 years.
WPA3 aims to address existing security issues found in WPA2 and to add extra protection for devices connected over Wi-Fi and the data they send. Some of the main improvements in WPA3 will help to reduce susceptibility to attacks such as Man-in-the-Middle, as well as password attacks that use dictionaries or brute forcing.
To protect against Man-in-the-Middle attacks, WPA3 will use Opportunistic Wireless Encryption, whereby all data is encrypted as soon as the connection is made, without requiring any authentication. Should an attacker intercept this data, they then have full access to any further data exchanged between the victim and the router.
To protect against offline password-guessing attacks, WPA3 will use a feature which prevents attackers from making multiple attempts at cracking a password against data captured from a Wi-Fi stream. After one failed attempt at cracking this password, the data will become unreadable and the attacker will be forced to interact with the router directly. However, interacting directly with a router requires the attacker to be within Wi-Fi range of the device for the entire duration of the attack, and this can sometimes take hours or even days! Another problem attackers will face with WPA3 is that networking devices can be configured to block access for any device making repeated guesses at credentials. Conversely, with WPA2, the attacker can capture data from the Wi-Fi stream of that network and make an unlimited number of attempts to authenticate using that offline data.
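The blocking of devices that make repeated guesses, described above, can be sketched as a sliding-window limiter on the access-point side. This is an added example, not code from the Wi-Fi Alliance or any vendor; the event tuples, the thresholds and the `GuessLimiter` and `replay` names are assumptions made for illustration.

```python
from collections import defaultdict, deque

# Constructed sample events: (seconds since start, station MAC, result).
# The tuple format is an assumption for this example, not a real AP log format.
SAMPLE_EVENTS = [
    (0,   "02:00:00:00:00:aa", "fail"),
    (5,   "02:00:00:00:00:bb", "fail"),
    (8,   "02:00:00:00:00:aa", "fail"),
    (15,  "02:00:00:00:00:aa", "fail"),   # third failure in 60 s: block
    (20,  "02:00:00:00:00:aa", "fail"),   # arrives while blocked: dropped
    (40,  "02:00:00:00:00:bb", "ok"),     # success clears bb's history
    (100, "02:00:00:00:00:bb", "fail"),
    (400, "02:00:00:00:00:aa", "ok"),     # block expired at 315 s
]

class GuessLimiter:
    """Block a station after max_failures failed attempts within window seconds."""

    def __init__(self, max_failures=3, window=60, block_for=300):
        self.max_failures = max_failures
        self.window = window
        self.block_for = block_for
        self.failures = defaultdict(deque)   # MAC -> timestamps of recent failures
        self.blocked_until = {}              # MAC -> time at which the block lifts

    def handle(self, ts, mac, result):
        """Return 'dropped', 'blocked', 'ok' or 'fail' for one attempt."""
        if self.blocked_until.get(mac, 0) > ts:
            return "dropped"                 # never reaches the password check
        if result == "ok":
            self.failures.pop(mac, None)
            return "ok"
        recent = self.failures[mac]
        recent.append(ts)
        while recent and recent[0] <= ts - self.window:
            recent.popleft()                 # forget failures outside the window
        if len(recent) >= self.max_failures:
            self.blocked_until[mac] = ts + self.block_for
            recent.clear()
            return "blocked"
        return "fail"

def replay(events, **limits):
    """Run events through a fresh limiter and return (ts, mac, decision) rows."""
    limiter = GuessLimiter(**limits)
    return [(ts, mac, limiter.handle(ts, mac, res)) for ts, mac, res in events]

if __name__ == "__main__":
    for row in replay(SAMPLE_EVENTS):
        print(*row)
```

A per-station counter is only as reliable as the identifier it keys on, so a network-wide limit on failed attempts is a useful complement.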