If WPA2-PSK is insecure, what other options do home users have?

There are two (main) modes in which to run WPA2. You can use enterprise mode or pre-shared key (PSK) mode.

If you run in enterprise mode you need to set up an authenticating RADIUS server, and configure certificates on the clients that will connect to the access point. Furthermore you need to configure the AP will all the relevant information. This level of effort is well beyond the abilities of a typical user.

WPA2-PSK mode uses a pre-shared key that both the client and AP know. This is the password, and simply using a password is within the technical abilities of most users. The password is never actually exchanged when a client connects to an AP. Instead there a is a four way handshake that occurs. Through this process the client can prove to the AP that it knows the PSK.

WPA2-PSK is not really insecure. Instead I would say it's vulnerable to a brute force attack. If an attacker can capture a 4 way handshake (a trivial task) they can run that handshake through a dictionary in order to derive the PSK. This is the key part. Just like with normal password hashes long, complex passwords are they key to making the brute force attack un feasible.

As a final note: WPA2-PSK networks are "salted" with the name of the AP. Rainbow tables exist with precomputed hashes for the most common AP names that exist (think "hilton-hhonors", "starbucks" etc). A way to get a unique salt (and thus defeat the rainbow table) is to have a unique AP name.

Edit: If you're curious about what a "good" password length then is if you have to use PSK? According to IEEE 802.11i (the amendment that details WPA2)

A pass-phrase typically has about 2.5 bits of security per character, so the pass-phrase mapping converts an n octet password into a key with about 2.5n + 12 bits of security. Hence, it provides a relatively low level of security, with keys generated from short passwords subject to dictionary attack. Use of the key hash is recommended only where it is impractical to make use of a stronger form of user authentication. A key generated from a pass-phrase of less than about 20 characters is unlikely to deter attacks*.

*Emphasis mine. However keep in mind 802.11i was published in 2004. Computing power has since changed. I would still agree though that 20 characters is pretty good.


I know that there is a vulnerability with WPS, even when using WPA2, but aside from that is WPA2-PSK really secure?

Define secure. In the general sense, if you have WPS disabled, are using a long PSK and avoid default SSIDs, you should be okay. Unless you have a reason to have your network targeted by an entity with resources to brute force your network, you will likely be more than safe enough.

There are a few things on the horizon that have promise for some increased security options. First, the Wi-Fi Alliance proposed WPA3 as a certification track to improve on WPA2. While WPA3 is not standards based (i.e. it is not based on an amendment to IEEE 802.11) and has several flaws, it shows there is interest in improving wireless security before WPA2 becomes irrelevant. I expect it to join WPA in the history books when replaced by a relevant standard, but just like WPA take it for what it is...namely a non-standard attempt to improve on the previous wireless security standard.

Second, top enterprise wireless solutions are already shipping with the capability to define PSKs per device. This is not standardized and different vendors do it differently at present, but this means that cracking a PSK is less damaging and exploitation may be more noticeable (if a PSK is tied to a MAC address, cloning the MAC is possible, but will often result in connection problems for both devices attempting to use the MAC). When many vendors (who are heavily invested/involved in IEEE and WFA) tend to find value in a feature like this, it often becomes standardized and implementation can start trickling down to consumer devices.

Third, the simple fact that there is more discussion about WPA2 and if it is secure, by users and media alike. While the IEEE currently doesn't have an 802.11 working group tasked with a security amendment, I would not be surprised if one is started in the next year or two.

how home users can secure their networks?

  1. Disable WPS. Number one security vulnerability on home wireless networks is WPS.
  2. Keep device drivers and firmware up to date. This applies to both the AP/gateway device and to all wireless clients.
  3. Use a long PSK. 20+ characters is often considered enough, but most devices will accept a PSK up to 63 characters in length.
  4. Choose your SSID name with some thought.
    • You want to avoid using something too common as it is used along with your PSK to generate your encryption. Common SSIDs can have pregenerated hash tables to compare against.
    • You want to avoid using an SSID that is too uncommon. If your SSID is too unusual, it can potentially be used as a means of locating your home. There are a number of publicly available online databases that contain information (often including coordinates) that can be queried.